| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 16 Apr 2012 00:34:10 +0800 From: YGN Ethical Hacker Group <lists@...g.net> To: full-disclosure <full-disclosure@...ts.grok.org.uk>, bugtraq <bugtraq@...urityfocus.com>, secalert@...urityreason.com, bugs@...uritytracker.com, vuln <vuln@...unia.com>, vuln@...urity.nnov.ru, news@...uriteam.com, moderators@...db.org, submissions@...ketstormsecurity.org, submit@...ecurity.com, oss-security@...ts.openwall.com Subject: FastPath Webchat | Multiple Cross Site Scripting Vulnerabilities 1. OVERVIEW Fastpath WebChat is vulnerable to Cross Site Scripting. 2. BACKGROUND Fastpath WebChat is part of the Fastpath product. It provides a way for users to begin chatting with support agents using Fastpath. Fastpath is a plugin of OpenFire, a real time collaboration (RTC) server for instant messaging. Fastpath provides queuing and routing for instant messaging to intelligently link people together. 3. VULNERABILITY DESCRIPTION Multiple parameters were not properly sanitized, which allows attacker to conduct Cross Site Scripting attack. This may allow an attacker to create a specially crafted URL that would execute arbitrary script code in a victim's browser. 4. VERSIONS AFFECTED 4.0.0 (released date: Aug 5, 2008) 5. VULNERABLE PARAMETERS File: webapp/agentinfo.jsp Parameters: agentName, emailValue, jid, nameValue, title File: webapp/chat-ended.jsp Parameter: workgroup File: webapp/chatmain.jsp Parameters: chatID, workgroup File: webapp/chatroom.jsp Parameters: email, jid, userNickname, question File: webapp/contact-agent.jsp Parameter: email File: webapp/email/leave-a-message.jsp Parameter: workgroup File: webapp/email/offline-mail.jsp Parameter: workgroup File: webapp/queue_updater.jsp Parameters: chatID, workgroup File: webapp/style.jsp Parameter: workgroup File: webapp/transcriptmain.jsp Parameters: chatID, workgroup File: webapp/transcriptsrc.jsp Parameters: from, text 6. SOLUTION Fastpath WebChat is no longer in active development. Ref: http://www.igniterealtime.org/projects/openfire/plugins.jsp Ref: http://fisheye.igniterealtime.org/browse/svn-org/openfire/trunk/src/plugins/fastpath/src/web 7. VENDOR Jive Software http://www.jivesoftware.com/ 8. CREDIT This vulnerability was discovered by Aung Khant, http://yehg.net, YGN Ethical Hacker Group, Myanmar. 9. DISCLOSURE TIME-LINE 2012-04-15: vulnerability disclosed 10. REFERENCES Original Advisory URL: http://yehg.net/lab/pr0js/advisories/%5Bfastpath-webchat%5D_multiple_cross_site_scripting What XSS Can Do: http://yehg.net/lab/pr0js/view.php/What%20XSS%20Can%20Do.pdf XSS FAQs: http://www.cgisecurity.com/articles/xss-faq.shtml XSS (wiki): http://en.wikipedia.org/wiki/Cross-site_scripting XSS (owasp): http://www.owasp.org/index.php/Cross-site_Scripting_(XSS) OWASP Top 10: http://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project CWE-79: http://cwe.mitre.org/data/definitions/79.html #yehg [2012-04-15] --------------------------------- Best regards, YGN Ethical Hacker Group Yangon, Myanmar http://yehg.net Our Lab | http://yehg.net/lab Our Directory | http://yehg.net/hwd _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists