Posts

Showing posts from April, 2012

Acuity CMS 2.6.x <= Cross Site Scripting

1. OVERVIEW
Acuity CMS 2.6.x (ASP-based) versions are vulnerable to Cross Site Scripting.

2. BACKGROUND
Acuity CMS is a powerful but simple, extremely easy to use, low
priced, easy to deploy content management system. It is a leader in
its price and feature class.

3. VULNERABILITY DESCRIPTION
The "UserName" parameter is not properly sanitized upon submission to the
URL /admin/login.asp, which allows an attacker to conduct a Cross Site
Scripting attack. This may allow an attacker to create a specially
crafted URL that would execute arbitrary script code in a victim's
browser.

4. VERSIONS AFFECTED
Tested in version 2.6.2.

5. PROOF-OF-CONCEPT/EXPLOIT
http://localhost/admin/login.asp?UserName="><script>prompt(/xss/)</script>

6. SOLUTION
Acuity CMS is no longer in active development.
It is recommended to use another CMS that is in active development and supported.

7. VENDOR
The Collective
http://www.thecollective.com.au/

8. CREDIT
Aung Khant, http://yehg.net, YGN Ethical Hacker Group, Myan…

Joomla! Plugin - Beatz 1.x <= Multiple Cross Site Scripting Vulnerabilities

1. OVERVIEW
Beatz 1.x versions are vulnerable to Cross Site Scripting.

2. BACKGROUND
Beatz is a set of powerful Social Networking Script Joomla! 1.5
plugins that allows you to start your own favourite artist band
website. Although it is just a Joomla! plugin, it comes with the full
Joomla! bundle for ease of use and installation.

3. VULNERABILITY DESCRIPTION
Multiple parameters were not properly sanitized upon submission, which
allows an attacker to conduct a Cross Site Scripting attack. This may allow
an attacker to create a specially crafted URL that would execute
arbitrary script code in a victim's browser. The vulnerable plugins
include: com_find, com_charts and com_videos.

4. VERSIONS AFFECTED
Tested in 1.x versions

5. PROOF-OF-CONCEPT/EXPLOIT
== Generic Joomla! 1.5 Double Encoding XSS
http://localhost/beatz/?option=com_content&view=frontpage&limitstart=5&%2522%253e%253c%2573%2563%2572%2569%2570%2574%253e%2561%256c%2565%2572%2574%2528%2f%2558%2553%2553%2f%2529%253c%2f%2573%2563%2572%2569%2…

FastPath Webchat | Multiple Cross Site Scripting Vulnerabilities

1. OVERVIEW
Fastpath WebChat is vulnerable to Cross Site Scripting.

2. BACKGROUND
Fastpath WebChat is part of the Fastpath product. It provides a way
for users to begin chatting with support agents using Fastpath.
Fastpath is a plugin of OpenFire, a real time collaboration (RTC)
server for instant messaging. Fastpath provides queuing and routing
for instant messaging to intelligently link people together.

3. VULNERABILITY DESCRIPTION
Multiple parameters were not properly sanitized, which allows an attacker
to conduct a Cross Site Scripting attack. This may allow an attacker to
create a specially crafted URL that would execute arbitrary script
code in a victim's browser.

4. VERSIONS AFFECTED
4.0.0 (release date: Aug 5, 2008)

5. VULNERABLE PARAMETERS
File: webapp/agentinfo.jsp
Parameters: agentName, emailValue, jid, nameValue, title

File: webapp/chat-ended.jsp
Parameter: workgroup

File: webapp/chatmain.jsp
Parameters: chatID, workgroup

File: webapp/chatroom.jsp
Parameters: email, jid, userNickname, que…