by r0t,der4444,cembo,VietMafia

Thursday, December 15, 2005

Atlant Pro XSS vuln.

Vuln. discovered by: r0t
Date: 15 Dec. 2005
Vendor: http://www.atlantpro.com/
Affected version: 8.09 and prior


Product Description:

Atlant Pro can work with plain text or MySQL databases. The script supports fee-based membership sign-up with real-time credit card processing. Some classifieds abilities (submitting ads, sending private mail to ad owners, viewing ads) can be restricted to members only. Before ads appear in the index the admin can optionally moderate ad submissions. Users can place ads with many photos, preview photos and multimedia files. Password-protected editing, renewing and deleting of ads. Powerful database searching capabilities with many criteria. Users can subscribe to a mailing list with specific criteria. HTML templates. The admin can specify a high priority level and comments for some ads. Anti-spamming features. For each category a set of ad fields (such as price, city, age, area, etc.) can be specified. Try the free version to see how it works!


Vuln. Description:

Atlant Pro contains a flaw that allows a remote cross-site scripting attack. The flaw exists because input passed to the "before" and "ct" parameters of atl.cgi isn't properly sanitised before being returned to the user in the response page.
This could allow an attacker to create a specially crafted URL that, when opened by a victim, would execute arbitrary script code in the victim's browser within the trust relationship between the browser and the server, leading to a loss of integrity.


examples:

/atl.cgi?ct=a8&md=search&brf=&before=%22%3E%3Cscript%3Ealert('r0t')%3C/script%3E

/atl.cgi?ct=%22%3E%3Cscript%3Ealert('r0t')%3C/script%3E

Solution:
Edit the source code to ensure that input is properly sanitised: the values of "before" and "ct" (and any other user-supplied parameter that is echoed back) must be HTML-encoded before they are written into the page, so that a value cannot close the surrounding attribute or open a new tag.
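The following is an added example, not code from the advisory or from the Atlant Pro product. Since atl.cgi itself is not shown here, it uses a hypothetical reconstruction of the flaw: a search form that copies the "ct" and "before" parameters straight into attribute values. It decodes the two advisory URLs above, renders them through the unencoded and the encoded version of that form, and shows that only the unencoded one lets the `"><script>...` payload escape the attribute. The form markup and the function names are assumptions.

```python
import html
from urllib.parse import parse_qs, urlsplit

# The two attack URLs from the advisory, copied verbatim (sample input constructed
# from the page, used offline; no request is ever sent).
ADVISORY_URLS = [
    "/atl.cgi?ct=a8&md=search&brf=&before=%22%3E%3Cscript%3Ealert('r0t')%3C/script%3E",
    "/atl.cgi?ct=%22%3E%3Cscript%3Ealert('r0t')%3C/script%3E",
]


def query_params(url):
    """Decode the query string the way a CGI script sees it (first value per name)."""
    query = urlsplit(url).query
    return {name: values[0] for name, values in parse_qs(query, keep_blank_values=True).items()}


def render_search_form(params, encode):
    """Hypothetical search form (not the vendor's markup) that reflects 'ct' and
    'before' into attribute values. With encode=False this reproduces the
    reported flaw; with encode=True every untrusted value goes through
    html.escape(quote=True), which turns & < > " ' into entities so a value
    can no longer close the attribute or start a new tag."""
    enc = (lambda s: html.escape(s, quote=True)) if encode else (lambda s: s)
    ct = enc(params.get("ct", ""))
    before = enc(params.get("before", ""))
    return (
        '<form action="/atl.cgi" method="get">'
        '<input type="hidden" name="md" value="search">'
        f'<input type="hidden" name="ct" value="{ct}">'
        f'<input type="text" name="before" value="{before}">'
        "</form>"
    )


def render_search_form_vulnerable(params):
    return render_search_form(params, encode=False)


def render_search_form_fixed(params):
    return render_search_form(params, encode=True)


def contains_injected_script(page):
    """Demo-grade check: did a <script start tag reach the output? Real scanners
    parse the DOM; a substring test is enough to show the difference here."""
    return "<script" in page.lower()


def check_urls(urls):
    """Return {url: (script_injected_in_vulnerable_page, script_injected_in_fixed_page)}."""
    results = {}
    for url in urls:
        params = query_params(url)
        results[url] = (
            contains_injected_script(render_search_form_vulnerable(params)),
            contains_injected_script(render_search_form_fixed(params)),
        )
    return results


if __name__ == "__main__":
    for url, (vuln, fixed) in check_urls(ADVISORY_URLS).items():
        print(url)
        print("  unencoded output injects script:", vuln)
        print("  encoded output injects script:  ", fixed)
```

Encoding at the point where the value is written into HTML is the fix; filtering "<script>" on input is not, since the same value may later be placed in a JavaScript string, a URL or an event handler, each of which needs its own encoding. The Perl equivalent of html.escape for a CGI script such as atl.cgi is HTML::Entities' encode_entities.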

1 Comment:

Blogger Credit Center told...

Hi thanks for your blog, I liked it! I also have a blog/site about credit cards for bad credit that covers credit cards for bad credit related stuff. Please feel free to visit.

7:03 PM

Copyright (c) 2006 Pridels Sec Crew