lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <CAPYM6VxfmoDZoyxGjp1gj=3sN6w1-z8DsCcqMcac7=hjBJ5x_g@mail.gmail.com>
Date: Mon, 16 Apr 2012 00:34:10 +0800
From: YGN Ethical Hacker Group <lists@...g.net>
To: full-disclosure <full-disclosure@...ts.grok.org.uk>,
	bugtraq <bugtraq@...urityfocus.com>, 
	secalert@...urityreason.com, bugs@...uritytracker.com, 
	vuln <vuln@...unia.com>, vuln@...urity.nnov.ru, news@...uriteam.com, 
	moderators@...db.org, submissions@...ketstormsecurity.org, 
	submit@...ecurity.com, oss-security@...ts.openwall.com
Subject: FastPath Webchat | Multiple Cross Site Scripting
	Vulnerabilities

1. OVERVIEW

Fastpath WebChat is vulnerable to Cross Site Scripting.


2. BACKGROUND

Fastpath WebChat is part of the Fastpath product. It provides a way
for users to begin chatting with support agents using Fastpath.
Fastpath is a plugin of OpenFire, a real time collaboration (RTC)
server for instant messaging.  Fastpath provides queuing and routing
for instant messaging to intelligently link people together.


3. VULNERABILITY DESCRIPTION

Multiple parameters were not properly sanitized, which allows attacker
to conduct Cross Site Scripting attack. This may allow an attacker to
create a specially crafted URL that would execute arbitrary script
code in a victim's browser.


4. VERSIONS AFFECTED

4.0.0 (released date: Aug 5, 2008)


5. VULNERABLE PARAMETERS

File: webapp/agentinfo.jsp	
Parameters: agentName, emailValue, jid, nameValue, title

File: webapp/chat-ended.jsp	 	
Parameter: workgroup

File: webapp/chatmain.jsp	
Parameters: chatID, workgroup

File: webapp/chatroom.jsp	
Parameters: email, jid, userNickname, question

File: webapp/contact-agent.jsp	
Parameter: email

File: webapp/email/leave-a-message.jsp	
Parameter: workgroup	

File: webapp/email/offline-mail.jsp	 	
Parameter: workgroup

File: webapp/queue_updater.jsp	 	
Parameters: chatID, workgroup	

File: webapp/style.jsp
Parameter: 	 workgroup	

File: webapp/transcriptmain.jsp	
Parameters: 	chatID, workgroup

File: webapp/transcriptsrc.jsp
Parameters:  from, text


6. SOLUTION

Fastpath WebChat is no longer in active development.
Ref: http://www.igniterealtime.org/projects/openfire/plugins.jsp
Ref: http://fisheye.igniterealtime.org/browse/svn-org/openfire/trunk/src/plugins/fastpath/src/web


7. VENDOR

Jive Software
http://www.jivesoftware.com/


8. CREDIT

This vulnerability was discovered by Aung Khant, http://yehg.net, YGN
Ethical Hacker Group, Myanmar.


9. DISCLOSURE TIME-LINE

2012-04-15: vulnerability disclosed


10. REFERENCES

Original Advisory URL:
http://yehg.net/lab/pr0js/advisories/%5Bfastpath-webchat%5D_multiple_cross_site_scripting
What XSS Can Do: http://yehg.net/lab/pr0js/view.php/What%20XSS%20Can%20Do.pdf
XSS FAQs: http://www.cgisecurity.com/articles/xss-faq.shtml
XSS (wiki): http://en.wikipedia.org/wiki/Cross-site_scripting
XSS (owasp): http://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
OWASP Top 10: http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
CWE-79: http://cwe.mitre.org/data/definitions/79.html


#yehg [2012-04-15]

---------------------------------
Best regards,
YGN Ethical Hacker Group
Yangon, Myanmar
http://yehg.net
Our Lab | http://yehg.net/lab
Our Directory | http://yehg.net/hwd

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ