Posts

Showing posts from April, 2012

Acuity CMS 2.6.x <= Cross Site Scripting

1. OVERVIEW
Acuity CMS 2.6.x (ASP-based) versions are vulnerable to Cross Site Scripting.

2. BACKGROUND
Acuity CMS is a powerful but simple, extremely easy to use, low priced, easy to deploy content management system. It is a leader in its price and feature class.

3. VULNERABILITY DESCRIPTION
The "UserName" parameter is not properly sanitized upon submission to the URL /admin/login.asp, which allows an attacker to conduct a Cross Site Scripting attack. This may allow an attacker to create a specially crafted URL that would execute arbitrary script code in a victim's browser.

4. VERSIONS AFFECTED
Tested in version 2.6.2.

5. PROOF-OF-CONCEPT/EXPLOIT
http://localhost/admin/login.asp?UserName= "><script>prompt(/xss/)</script>

6. SOLUTION
Acuity CMS is no longer in active development. It is recommended to use another CMS that is in active development and supported.

7. VENDOR
The Collective
http://www.thecollective.com.au/

8. CREDIT
Aung Khant, http://yehg.net , YGN Et

Joomla! Plugin - Beatz 1.x <= Multiple Cross Site Scripting Vulnerabilities

1. OVERVIEW
Beatz 1.x versions are vulnerable to Cross Site Scripting.

2. BACKGROUND
Beatz is a set of powerful Social Networking Script Joomla! 1.5 plugins that allow you to start your own favourite artist band website. Although it is just a Joomla! plugin, it comes with the full Joomla! bundle for ease of use and installation.

3. VULNERABILITY DESCRIPTION
Multiple parameters were not properly sanitized upon submission, which allows an attacker to conduct a Cross Site Scripting attack. This may allow an attacker to create a specially crafted URL that would execute arbitrary script code in a victim's browser. The vulnerable plugins include: com_find, com_charts and com_videos.

4. VERSIONS AFFECTED
Tested in 1.x versions.

5. PROOF-OF-CONCEPT/EXPLOIT
== Generic Joomla! 1.5 Double Encoding XSS
http://localhost/beatz/?option=com_content&view=frontpage&limitstart=5&%2522%253e%253c%2573%2563%2572%2569%2570%2574%253e%2561%256c%2565%2572%2574%2528%2f%2558%2553%2553%2f%2529%253c%2f%2573%

FastPath Webchat | Multiple Cross Site Scripting Vulnerabilities

1. OVERVIEW
Fastpath WebChat is vulnerable to Cross Site Scripting.

2. BACKGROUND
Fastpath WebChat is part of the Fastpath product. It provides a way for users to begin chatting with support agents using Fastpath. Fastpath is a plugin of OpenFire, a real time collaboration (RTC) server for instant messaging. Fastpath provides queuing and routing for instant messaging to intelligently link people together.

3. VULNERABILITY DESCRIPTION
Multiple parameters were not properly sanitized, which allows an attacker to conduct a Cross Site Scripting attack. This may allow an attacker to create a specially crafted URL that would execute arbitrary script code in a victim's browser.

4. VERSIONS AFFECTED
4.0.0 (release date: Aug 5, 2008)

5. VULNERABLE PARAMETERS
File: webapp/agentinfo.jsp
Parameters: agentName, emailValue, jid, nameValue, title

File: webapp/chat-ended.jsp
Parameter: workgroup

File: webapp/chatmain.jsp
Parameters: chatID, workgroup

File: webapp/chatroom.jsp
Parameters: email, jid,