cross/site scripting attack
Version: 7.5.0
Hardware: Tomcat/Oracle
Vulnerability: Cross-Site Scripting, Phishing Through Frames,
Application Error
Overview:
[5] http://secunia.com/advisories/34220/
APPENDIX: Advisories
====================================================
Advisory: “Cross-Site Scripting” in Avatar uploads in fluxBB
Application: fluxBB
Vulnerable Versions: 1.3-legacy and older 1.3 versions.
Reported By: Jacques Copeau
Release mode: Coordinated release
2. *Vulnerability Information*
Class: Multiple Cross Site Scripting (XSS)
Remotely Exploitable: Yes
Locally Exploitable: Yes
CVE Name: CVE-2010-0432
Release Type: Co-ordinated, responsible disclosure
2. Vulnerability Information
------------------------------------------------------------------------------------------------------------------------
Class: Cross Site Request Forgery, Cross Site Scripting, File Path
Disclosure, Local File Inclusion, Authentication Bypass and PHP Command
Injection
Remotely Exploitable: Yes
Locally Exploitable: No
Release mode: Coordinated release
2. *Vulnerability Information*
Class: Denial of service (DoS), Cross site scripting (XSS)
Remotely Exploitable: Yes
Locally Exploitable: No
Bugtraq ID: 34150, 34152, 34153
CVE Name: N/A
Release mode: Coordinated release
2. *Vulnerability Information*
Class: Cross site scripting (XSS)
Remotely Exploitable: Yes
Locally Exploitable: No
Bugtraq ID: 34154, 34155
CVE Name: CVE-2009-1729
#=cicatriz <c1c4tr1z@voodoo-labs.org>=#=~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~(advisories)=#
/) /) /)
_ _ _______(/ ________ // _ (/_ _ _____ _
(/__(_)(_)(_(_(_)(_) (/_(_(_/_) /_)_ o (_)/ (_(_/_
.-/
#=Phorum < 5.2.10 Cross-Site Scripting/Request Forgery=#=~~~~~~~~~~~~~~~(_/~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~=#
#=~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~=#
#=Advisory & Vulnerability Information=#=~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~=#
Title: Phorum < 5.2.10 Cross-Site Scripting/Request Forgery
Advisory ID: VUDO-2009-1504
Version: 1.4.3
From: Remote
Severity: Extremely Critical
Impact:
Manipulation of data
Cross-Site Scripting
Type of Advisory: Full Disclosure
_________________
Software Description |
===============
#=cicatriz <c1c4tr1z@voodoo-labs.org>=#=~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~(advisories)=#
#=net2ftp <= 0.97 Cross-Site Scripting/Request Forgery=#=~~~~~~~~~~~~~~~(_/~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~=#
#=~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~=#
#=Advisory & Vulnerability Information=#=~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~=#
Title: net2ftp <= 0.97 Cross-Site Scripting/Request Forgery
Advisory ID: VUDO-2009-0804
Vulnerabilities:
------------------
1- Cross Site Scripting (XSS) in "/page.php" in "sid","logincase" and "redirect" parameters.
http://yoursite/page.php?sid=[XSS]
http://yoursite/page.php?logincase=[XSS]
http://yoursite/page.php?redirect=[XSS]
2- Cross Site Scripting (XSS) in "/page_arch.php" in "sid","logincase" and "redirect" parameters.
2.3.1. Exploit:
Check the exploit section.
2.4. Failure to Restrict URL Access [in "mailPage.asp"]. Everyone can mailbomb others.
2.4.1. Exploit:
Check the exploit section.
2.5. Cross Site Scripting (XSS) [in "showThumb.aspx"]. Reflected XSS attack by circumventing the ASP.Net XSS denier (Path disclosure on the open error mode).
2.5.1. Exploit:
Check the exploit section.
2.6. Cross Site Scripting (XSS), Failure to Restrict URL Access [in "process_send.asp"]. Redirect Reflected XSS Attack In "SB_redirect" parameter. Reflected XSS, Content Spoofing In "SB_feedback" parameter. Everyone can mailbomb others.
2.6.1. Exploit:
Check the exploit section.
Dear users of TYPO3,
It has been discovered that the default value of the TYPO3 configuration variable fileDenyPattern allows arbitrary code execution on Apache web servers. Besides that, the library fe_adminlib.inc allows Cross Site Scripting (XSS).
=== Component Type ===
TYPO3 Core
=== Affected Versions ===
TYPO3 versions 3.x, 4.0 to 4.0.7, 4.1 to 4.1.6, 4.2
2.1.1. Exploit:
Check the exploit/POC section.
2.2. Injection Flaws. SQL Injection in "/rating.php" in "book_id" parameter.
2.2.1. Exploit:
Check the exploit/POC section.
2.3. Cross Site Scripting (XSS). Reflected XSS attack in "/login.php" in URL parameters.
2.3.1. Exploit:
Check the exploit/POC section.
2.4. Cross Site Scripting (XSS). Reflected XSS attack in "/hta/htmlarea.js.php" in "glb_sid" parameters.
2.3.1. Exploit:
Check the exploit/POC section.
Class: Cross-Site Scripting (XSS) Vulnerability
CVE: CVE-2010-0475
Remote: Yes
Local: Yes
Published: May 11, 2010 08:30AM
Timeline:
Submission to MITRE: 1/18/2010
Vendor Contact: 2/18/2010
Vendor Response: 2/18/2010
Patch Available: 5/2010 Patched in maintenance releases (3.1.1 & 3.0.9)
Credit: Jeromie Jackson CISSP, CISM
SEC Consult Security Advisory < 20090415-0 >
==========================================================================
title: Novell Teaming Multiple Vulnerabilities
* Username Enumeration
* Multiple Cross Site Scripting
* Includes vulnerable Liferay portal
program: Novell Teaming
vulnerable version: 1.0.3
homepage: http://www.novell.com/products/teaming/
found: February 2009
It is possible to pass SQL statements to the backend database through
a SQL injection vulnerability. Depending on the particular
runtime environment and database permissions it is even possible to
write files to disk and execute code on operating system level.
3) Multiple Cross-Site Scripting
Permits arbitrary insertion of HTML- and JavaScript code in login.jsp.
An attacker could also manipulate a parameter to specify
a destination to which a user will be forwarded to after successful
authentication.
Syhunt: HFS (HTTP File Server) Template Cross-Site Scripting and
Information Disclosure Vulnerabilities
Advisory-ID: 200801161
Discovery Date: 1.16.2008
Release Date: 1.23.2008
Affected Applications: HFS 2.0 to and including 2.3 (Beta Build #174)
Non-Affected Applications: HFS 1.6a and earlier versions
Class: Cross-Site Scripting (XSS), Information Disclosure
Release Type: Co-ordinated, responsible disclosure
2. Vulnerability Information
----------------------------------------------------------------------------------------------
Class: SQL Injection, Insecure File Upload, Cross Site Scripting,
Filepath Disclosure
Remotely Exploitable: Yes
Locally Exploitable: No
(http://www.securityfocus.com/archive/1/505251/30/0/threaded). There I made
enough arguments why it's dangerous vulnerability and why Mozilla and
Michal are not right and so it's better to fix it. Read my message at
Bugtraq, maybe it'll change your mind on this issue ;-).
> The best way to defend against any Cross Site Scripting attacks is to
> sanitize all inputs and outputs properly on your website
XSS vulnerabilities must be fixed and when they are made at web sites, then
they must be fixed at web sites. But in this case browsers developers made
XSS holes (JavaScript execution) in redirectors, so they just from
url, menu, sort, check[], edituser, edit, blog, cat.
Path Disclosure:
http://[HOST]/pivot/pivot/tb.php?tb_id=1&url='
Cross Site Scripting: (can only be triggered when One is not logged in).
http://[HOST]/pivot/pivot/index.php?menu="><script>alert(0)</script><br
Cross Site Scripting: (triggers on logged in administrators only) [low
or no impact due to session-key in url]
http://[HOST]/pivot/pivot/index.php?session=VALIDSESSION&menu=entries&sort="><script>alert(0)</script>
Advisory: IceWarp WebMail Server: User-assisted Cross Site Scripting in
RSS Feed Reader
During a penetration test, RedTeam Pentesting discovered that the
IceWarp WebMail Server is prone to user-assisted Cross Site Scripting
attacks in its RSS feed reader. If attackers control or compromise an
RSS feed users are subscribed to, they can run arbitrary JavaScript code
in the users' browsers by embedding it within the feed.
Advisory: IceWarp WebMail Server: Cross Site Scripting in Email View
During a penetration test, RedTeam Pentesting discovered that the IceWarp
WebMail Server is prone to Cross Site Scripting attacks in its email view.
This enables attackers to send emails with embedded JavaScript code,
for example, to steal users' session IDs.
Details
=======
III. ANALYSIS
Summary:
A) Prelude to the vulnerabilities
B) Cross Site Scripting
C) HTTP Response Header Injection
D) HTTP Response Splitting
A) Prelude to the vulnerabilities
Hello Bugtraq!
I want to warn you about new vulnerabilities in Invision Power Board.
These are Cross-Site Scripting vulnerabilities. Attack is going via
attachment (at click on the attachment in the post at forum or on the link
to this attachment). These are persistent XSS vulnerabilities.
I know for a long time about possibility of attacks via swf-files. So many
years ago I turned off support of swf-files in attachments (and in avatars
functionality.
The ASP.Net view state is typically stored in a hidden field
named "__VIEWSTATE". When a page's view state is not
cryptographically signed, many standard .Net controls are
vulnerable to Cross-Site Scripting (XSS) through the view
state.
It is well documented that using an unsigned view state is
"bad", but most previous advisories focus on vaguely
described threats or vulnerabilities introduced by custom
functionality.