lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <57162B9A.6010304@rv3lab.org> Date: Tue, 19 Apr 2016 14:59:06 +0200 From: "research@...lab.org" <research@...lab.org> To: submissions@...ketstormsecurity.com, fulldisclosure@...lists.org, pen-test@...urityfocus.com, bugs@...uritytracker.com, bugtraq@...urityfocus.com, submit@...7day.com, submit@...ecurity.com, full-disclosure@...ts.grok.org.uk Subject: [FD] Multiple Reflected XSS vulnerabilities in Oliver (formerly Webshare) v1.3.1 ################################################### 01. ### Advisory Information ### Title: Multiple Reflected XSS vulnerabilities in Oliver (formerly Webshare) v1.3.1 Date published: 2016-15-04 Date of last update: 2014-03-04 Vendors contacted: Oliver (formerly Webshare) v1.3.1 Discovered by: Rv3Laboratory [Research Team] Severity: Medium 02. ### Vulnerability Information ### CVE reference: CVE-2014-2710 VU#279207 OVI-2016-7982 CVSS v2 Base Score: 4.3 CVSS v2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) Component/s: Oliver (formerly Webshare) v1.3.1 Class: Input Validation Error 03. ### Introduction ### Oliver is a PHP-based front-end to FTP, released under the GPL. http://oliver.sourceforge.net/ https://sourceforge.net/projects/oliver/ 04. ### Vulnerability Description ### Multiple Non-Persistent Cross-Site Scripting vulnerabilities have been identified in the Oliver (formerly Webshare) web application. Oliver contains a flaw that allows multiple reflected cross-site scripting (XSS) attacks. This flaw exists because certain pages do not validate input before returning it to users. Vulnerable file(s): index.php (login page) loginform-inc.php (login form) Request Method(s): GET 05. ### Technical Description / Proof of Concept Code ### The vulnerability is located in the pages http://localhost/oliver/index.php http://localhost/oliver/loginform-inc.php The application does not validate correctly the URL upon submission. The attacker can inject the malicious javascript code: <isindex x="javascript:" onmouseover="alert('Rv3Lab XSS')"> http://localhost/oliver/index.php/<isindex x="javascript:" onmouseover="alert('Rv3Lab XSS')"> http://localhost/oliver/loginform-inc.php/<isindex x="javascript:" onmouseover="alert('Rv3Lab XSS')"> 06. ### Business Impact ### This may allow an attacker to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. 07. ### Systems Affected ### This vulnerability was tested against: Oliver (formerly Webshare) v1.3.0 and v1.3.1 Older versions are probably affected too, but they were not checked. 08. ### Vendor Information, Solutions and Workarounds ### Currently, there are no known upgrades or patches to correct this vulnerability. Oliver (formerly Webshare) No longer supported 09. ### Credits ### Rv3Laboratory [Research Team] - www.Rv3Lab.org This vulnerability has been discovered by: Rv3Lab - [www.rv3lab.org] - research(at)rv3lab(dot)org Christian Catalano aka wastasy - wastasy(at)rv3lab(dot)org Massimo Piccinno aka MaxPic - maxpic(at)rv3lab(dot)org 10. ### Vulnerability History ### April 03rd, 2013: Vulnerability identification April 18th, 2013: No response received April 15th, 2014: No response received - Oliver (formerly Webshare) No longer supported April 15th, 2016: Public Security advisory released 11. ### Disclaimer ### The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise. We accept no responsibility for any damage caused by the use or misuse of this information. 12. ### About Rv3Lab ### Rv3Lab is an independent Security Research Lab. For more information, please visit [www.Rv3Lab.org] For more information regarding the vulnerability feel free to contact the Rv3Research Team: research(at)rv3lab(dot)org ################################################### _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists