Message-ID: <CAJ6ShiGgC7Dnp9kYuk_hB4TkdDmU6Ma-fxOYizdYoqGWisR4ng@mail.gmail.com>
Date: Thu, 4 Aug 2011 03:49:04 -0300
From: Advisories PontoSec <advisories@...tosec.com>
To: undisclosed-recipients: ;
Subject: Community Server - Reflected Cross-Site Scripting -

Community Server - Reflected Cross-Site Scripting - TagSelector.aspx

- Product description:
Community Server is a communities and collaboration web application
developed by Telligent.
It uses ASP.NET platform (C#) and Microsoft SQL Server database. From
it's 5.0 version, the software was renamed to Telligent Community.

- Vulnerability Details:
It is possible to insert scripts at the page (Cross-site Scripting)
through the TagEditor parameter (GET) from /utility/TagSelector.aspx.

- Proof of Concept:
When accessing the TagSelector.aspx file, setting the TagEditor value
as “ ‘);%0Aalert(1);</script>  ”, an alert box containing a number 1
appears, confirming the vulnerability.

Example: http://site.example/utility/TagSelector.aspx?TagEditor=’);%0Aalert(1);</script>


- Affected Versions:
Community Server 2007
Community Server 2008
(may affect others)

- Unaffected Versions:
Telligent Community 5.x or earlier

- Timeline:
[05/25/10] Vulnerability details sent to address for security related
contacts present at company's website, although the address did not
exist.
[05/26/10] Ticket opened asking for contact to send off vulnerability details.
[05/26/10] Ticket's answer received, containing e-mail for the sending
of vulnerability details.
[05/26/10] Vulnerability details sent.
[05/26/10] Answer received informing that vulnerability did not exist
on latest versions of the product.
[07/15/11] Advisory published.

Credits:
PontoSec - Segurança da Informação < http://www.pontosec.com > -
Researcher: Gabriel Lima (gabriel <at> pontosec.com)

Powered by blists - more mailing lists