lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 02 Sep 2013 19:25:28 +0200
From: klondike <klondike@...ndike.es>
To: full-disclosure@...ts.grok.org.uk
Subject: Permanent XSS and user enumeration on
	campus-party.eu

It's possible to do a permanent XSS injection on the campus-party.eu
website.

For this when you register in the website through
https://www.campus-party.eu/webapp/participante/personalData?to= you
need to put your code in the name field taking into account that it will
be converted into caps when reflected. Once done the code can be found
at https://www.campus-party.eu/webapp/participante/loginBox and at
https://www.campus-party.eu as long as the user is logged in.

This vulnerability could be used for example with fishing attacks to
steal user data amongst other things by making the user login with the
given data and then asking him to enter an appropriate address.

To make things more interesting, the
https://www.campus-party.eu/webapp/participante/personalData?to= and the
https://www.campus-party.eu/webapp/participante/solicitudRestaurarPasswordForm
can be used by spammers to check whether a particular e-mail is
registered or not on the website since they will report back that
information.

The first one can be used without side effects by entering a single
character password resulting either in an error regarding password
length or in a notice that the e-mail was already registered.

The second one can be used just by entering the e-mail and checking the
resulting message, but will have as a side effect that an e-mail will be
sent back to the registered users asking them to reset their password.

I hope this information is useful,
klondike


Download attachment "signature.asc" of type "application/pgp-signature" (264 bytes)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists