by r0t,der4444,cembo,VietMafia

Tuesday, June 27, 2006

H-Sphere <=2.5.x XSS vuln.

###############################################
Vuln. discovered by : r0t
Date: 27 June 2006
Vendor: http://www.psoft.net/h_sphere2_info.html
Affected versions: 2.5.1 Beta 1 (2.5.1.801.20060621) and previous
###############################################

Vuln. Description:

H-Sphere contains a flaw that allows remote cross-site scripting attacks. Input passed to the "next_template", "start", "curr_menu_id" and "arid" parameters isn't properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

Examples:

http://[host]/psoft/servlet/resadmin/psoft.hsphere.CP?template_name=mailman/massmail.html&arid=46&curr_menu_id=&start=&next_template=[XSS]

http://[host]/psoft/servlet/resadmin/psoft.hsphere.CP?template_name=mailman/massmail.html&arid=46&curr_menu_id=&start=[XSS]

http://[host]/psoft/servlet/resadmin/psoft.hsphere.CP?template_name=mailman/massmail.html&arid=46&curr_menu_id=[XSS]

http://[host]/psoft/servlet/resadmin/psoft.hsphere.CP?template_name=mailman/massmail.html&arid=[XSS]

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
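One way to apply the fix described above, as an added example that is not H-Sphere's own code or part of the original advisory: allow-list each of the four parameters, then HTML-encode whatever is written back into the page. The class name `CpParamGuard`, its method names and the expected value formats (numeric ids and offsets, a template-style path) are assumptions for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Pattern;

/** Added example: validate, then HTML-encode, the four parameters named in the advisory. */
public class CpParamGuard {
    // Assumed formats (not confirmed by the vendor): numeric ids/offsets, template-style path.
    private static final Pattern NUMERIC = Pattern.compile("\\d{0,10}");
    private static final Pattern TEMPLATE = Pattern.compile("[A-Za-z0-9_]+(/[A-Za-z0-9_]+)*\\.html");
    private static final Map<String, Pattern> RULES = new LinkedHashMap<>();
    static {
        RULES.put("arid", NUMERIC);
        RULES.put("start", NUMERIC);
        RULES.put("curr_menu_id", NUMERIC);
        RULES.put("next_template", TEMPLATE);
    }

    /** Encode the five characters that are significant in HTML text and quoted attributes. */
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (char c : s.toCharArray()) {
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    /** Returns a value safe to write into the page; values that fail the allow-list become "". */
    static String safeParam(String name, String raw) {
        Pattern rule = RULES.get(name);
        if (raw == null || rule == null || !rule.matcher(raw).matches()) return "";
        return escapeHtml(raw); // encode even validated values: defence in depth
    }

    public static void main(String[] args) {
        // Constructed inputs: the advisory's sample values plus a harmless markup probe.
        String[][] samples = { {"arid", "46"}, {"start", ""}, {"curr_menu_id", "<b>7</b>"},
                               {"next_template", "mailman/massmail.html"} };
        for (String[] s : samples)
            System.out.println(s[0] + " -> \"" + safeParam(s[0], s[1]) + "\"");
    }
}
```

Parameters that must carry free text cannot be allow-listed this tightly; for those, call `escapeHtml` at the point where the value is written into the response.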
More information @ unsecured-systems.com/forum/

Copyright (c) 2006 Pridels Sec Crew