by r0t,der4444,cembo,VietMafia

Monday, March 27, 2006

Connect Daily Multiple XSS vuln.

Connect Daily Web Calendar Software Multiple XSS vuln.


###############################################
Vuln. discovered by: r0t
Date: 27 March 2006
Vendor: http://www.mhsoftware.com/connectdaily.htm
Affected versions: 3.2.9 and prior
###############################################

Vuln. description:

Connect Daily Web Calendar Software contains a flaw that allows a remote cross-site scripting attack.
The flaw exists because input passed to:
a.) the "calendar_id", "style_sheet" and "start" parameters in "ViewDay.html",
b.) the "txtSearch" and "opgSearch" parameters in "ViewSearch.html",
c.) the "calendar_id" and "approved" parameters in "ViewYear.html",
d.) the "item_type_id" parameter in "ViewCal.html",
e.) the "week" parameter in "ViewWeek.html",
is not properly sanitised before being returned to the user.
This could allow an attacker to create a specially crafted URL that, when opened by a victim, executes arbitrary script in the victim's browser within the trust relationship between the browser and the server, leading to a loss of integrity.




/ViewDay.html?start=2453810&&integral=0&style_sheet=userStyle.css&dropdown=1&show_stop=0&show_resources=0&calendar_id=[XSS]

/ViewDay.html?start=2453810&&integral=0&style_sheet=[XSS]

/ViewDay.html?start=[XSS]

/ViewCal.html?item_type_id=[XSS]

/ViewSearch.html?integral=0&show_stop=0&show_resources=0&criteria=calendar_id%3D34&txtSearch=[XSS]

/ViewSearch.html?integral=0&show_stop=0&show_resources=0&criteria=calendar_id%3D34&txtSearch=&opgFields=1&opgSearch=[XSS]

/ViewSearch.html?integral=0&show_stop=0&show_resources=0&criteria=calendar_id%3D34&txtSearch=&opgFields=[XSS]

/ViewYear.html?n=1&dropdown=1&integral=0&approved=1&show_stop=0&show_resources=0&calendar_id=[XSS]

/ViewYear.html?n=1&dropdown=1&integral=0&approved=[XSS]

/ViewWeek.html?year=2006&week=[XSS]

###############################################
Solution:
Edit the source code to ensure that input is validated on entry and HTML-encoded before it is written back into the page.
###############################################
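The following is an added example and is not Connect Daily's own code. It shows the two halves of the fix the solution asks for: an allow-list check on the query parameters named in the advisory, and HTML encoding of any value that is echoed back into the page. The expected shape of each parameter (integers for calendar_id, start, week and the rest; a plain file name for style_sheet; free text for txtSearch and criteria) is an assumption drawn from the sample URLs, not from the vendor's source. The vulnerable rendering pattern is shown beside the hardened one so the difference in output is visible.

```python
"""Added example (not Connect Daily code): validate and encode reflected
query parameters so that a value such as calendar_id=[XSS] cannot become
markup when the application echoes it back to the browser."""
import html
import re
from urllib.parse import parse_qs, urlsplit

# Assumed allow-list for the parameters seen in the advisory's sample URLs.
# The value shapes are assumptions, not the vendor's actual types.
INT_PARAMS = {"calendar_id", "start", "week", "approved", "item_type_id",
              "integral", "dropdown", "show_stop", "show_resources",
              "n", "year", "opgFields", "opgSearch"}
STYLE_SHEET_RE = re.compile(r"^[A-Za-z0-9_-]{1,64}\.css$")
TEXT_PARAMS = {"txtSearch", "criteria"}   # free text: must be encoded on output


def validate_query(url):
    """Return (accepted, rejected).

    accepted maps parameter name -> value that passed the allow-list;
    rejected lists parameters whose value failed it (or are unknown).
    Empty "&&" pairs, as in the ViewDay sample URL, are skipped by parse_qs.
    """
    accepted, rejected = {}, []
    query = urlsplit(url).query
    for name, values in parse_qs(query, keep_blank_values=True).items():
        value = values[0]                      # first occurrence wins
        if name in INT_PARAMS:
            if value == "" or re.fullmatch(r"\d{1,10}", value):
                accepted[name] = value
            else:
                rejected.append(name)
        elif name == "style_sheet":
            if STYLE_SHEET_RE.match(value):
                accepted[name] = value
            else:
                rejected.append(name)
        elif name in TEXT_PARAMS:
            accepted[name] = value             # allowed, but only after encoding
        else:
            rejected.append(name)              # unknown parameter: drop it
    return accepted, rejected


def render_search_box_unsafe(term):
    """The pattern the advisory describes: the raw parameter is concatenated
    into HTML, so a quote in the value closes the attribute and the rest of
    the value is interpreted as markup."""
    return '<input name="txtSearch" value="' + term + '">'


def render_search_box(term):
    """Hardened form: encode on output. quote=True also encodes " and ',
    which matters because the value sits inside an attribute."""
    return '<input name="txtSearch" value="' + html.escape(term, quote=True) + '">'


def echo_hidden_fields(accepted):
    """Hidden fields a calendar view might echo back. Every value is encoded
    even though the allow-list already restricted most of them: validation
    and output encoding are independent layers."""
    return "".join(
        '<input type="hidden" name="%s" value="%s">'
        % (html.escape(k, quote=True), html.escape(v, quote=True))
        for k, v in sorted(accepted.items())
    )


if __name__ == "__main__":
    # Constructed sample: the advisory's ViewDay URL with a harmless marker
    # in place of [XSS].
    sample = ("/ViewDay.html?start=2453810&&integral=0&style_sheet=userStyle.css"
              "&dropdown=1&show_stop=0&show_resources=0&calendar_id=<marker>")
    acc, rej = validate_query(sample)
    print("rejected:", rej)
    print(echo_hidden_fields(acc))
    print(render_search_box('"><marker>'))
```

Both layers are needed: the allow-list stops non-numeric values from reaching the code that builds the page at all, while output encoding covers the free-text parameters (txtSearch, criteria) that cannot be restricted to digits and any code path the allow-list was not applied to.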
More information @ unsecured-systems.com/forum/

Copyright (c) 2006 Pridels Sec Crew