H-Sphere <=2.5.x XSS vuln.
###############################################
Vuln. discovered by : r0t
Date: 27 June 2006
vendor: http://www.psoft.net/h_sphere2_info.html
affected versions: 2.5.1 Beta 1 (2.5.1.801.20060621) and previous
###############################################
Vuln. Description:
H-Sphere contains a flaw that allows remote cross-site scripting attacks. Input passed to the "next_template", "start", "curr_menu_id" and "arid" parameters isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
Examples:
http://[host]/psoft/servlet/resadmin/psoft.hsphere.CP?template_name=mailman/massmail.html&arid=46&curr_menu_id=&start=&next_template=[XSS]
http://[host]/psoft/servlet/resadmin/psoft.hsphere.CP?template_name=mailman/massmail.html&arid=46&curr_menu_id=&start=[XSS]
http://[host]/psoft/servlet/resadmin/psoft.hsphere.CP?template_name=mailman/massmail.html&arid=46&curr_menu_id=[XSS]
http://[host]/psoft/servlet/resadmin/psoft.hsphere.CP?template_name=mailman/massmail.html&arid=[XSS]
###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
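Until the code is fixed, access logs can be reviewed for requests that put markup into the four parameters named above. The following is an added example, not part of the original advisory or of H-Sphere itself; it assumes Apache combined log format, and the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Parameters named in the advisory as returned without sanitisation.
REFLECTED_PARAMS = ("next_template", "start", "curr_menu_id", "arid")
CP_SERVLET = "psoft.hsphere.CP"
# Characters needed to break out of HTML text or an attribute value.
MARKUP = re.compile(r"[<>\"']")
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')


def suspicious_params(url):
    """Return the advisory's parameters whose decoded value contains markup."""
    parts = urlsplit(url)
    if CP_SERVLET not in parts.path:
        return []
    query = parse_qs(parts.query, keep_blank_values=True)
    hits = []
    for name in REFLECTED_PARAMS:
        for value in query.get(name, []):
            # parse_qs decodes once; decode again to catch double encoding.
            if MARKUP.search(value) or MARKUP.search(unquote(value)):
                hits.append(name)
                break
    return hits


def scan_log(lines):
    """Yield (line_number, [param, ...]) for access-log lines worth reviewing."""
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if match:
            hits = suspicious_params(match.group(1))
            if hits:
                yield number, hits


# Constructed sample lines (combined log format), not taken from a real server.
BASE = "/psoft/servlet/resadmin/psoft.hsphere.CP?template_name=mailman/massmail.html"
SAMPLE_LOG = [
    f'192.0.2.10 - - [27/Jun/2006:10:00:00 +0000] "GET {BASE}&arid=46&curr_menu_id=&start= HTTP/1.1" 200 5120',
    f'192.0.2.11 - - [27/Jun/2006:10:00:05 +0000] "GET {BASE}&arid=46&start=%3Cb%3Eprobe%3C/b%3E HTTP/1.1" 200 5200',
    f'192.0.2.12 - - [27/Jun/2006:10:00:09 +0000] "GET {BASE}&arid=%2522%253E%253Cb%253E HTTP/1.1" 200 5180',
    '192.0.2.13 - - [27/Jun/2006:10:00:12 +0000] "GET /index.html?start=%3Cb%3E HTTP/1.1" 200 812',
]

if __name__ == "__main__":
    for number, hits in scan_log(SAMPLE_LOG):
        print(f"line {number}: markup in {', '.join(hits)}")
```

A legitimate value containing an apostrophe or quote will also be flagged, so hits are candidates for review rather than confirmed attempts.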
###############################################
More information @ unsecured-systems.com/forum/
