Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-disclosure] XSS Bug in Jaws Glossary Action: ViewTerm ( v 0.4 - 0.

from [Nah] Network Security [Permanent Link]
Subject: [Full-disclosure] XSS Bug in Jaws Glossary Action: ViewTerm ( v 0.4 - 0.5.1 (latest version))
Date: Sat, 28 May 2005 23:04:18 -0700 
XSS Bug in Jaws Glossary( v 0.4 - 0.5.1 (latest version))

STATUS: The vendor has been contacted, fixed in cvs.

Jaws is a Framework and Content Management System for building dynamic web sites. It aims to be User Friendly
giving ease of use and lots of ways to customize web sites, but at the same time is Developer Friendly,
it offers a simple and powerful framework to hack your own modules.

TECHNICAL INFO
================================================================

The Glossary gadget doesn't filter dangerous characters in the argument view or ViewTerm ( according to the version)
allowing the instertion of items from "<script>alert(document.cookie)</script> to more complex situations.

Example:

v0.5.x:
http://url.com/index.php?gadget=Glossary&action=ViewTerm&term=<script src=some script</script>
v 0.4:
http://url.com/index.php?gadget=Glossary&action=view&term=<script src=some script></script>


An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user.
This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

VULNERABLE VERSIONS
---------------------------------------------------------------
0.4-0.5.1(Latest version)


---------------------------------------------------------------
Contact information
:Paulino Calderon
:nah@suckea.com
:http://nah.suckea.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Full-disclosure] XSS Bug in Jaws Glossary Action: ViewTerm ( v 0.4 - 0.5.1 (latest version)), Nah <=
Previous by Date:  [Full-disclosure] ClamAV: Local Privilege Escalation Vulnerability On MacOS [SCN Advisory #04], Tim
Next by Date:  [Full-disclosure] Invision Power Board 1.x and 2.x Privilege Escalation Vulnerability, Rapigator
Previous by Thread:  [Full-disclosure] ClamAV: Local Privilege Escalation Vulnerability On MacOS [SCN Advisory #04], Tim
Next by Thread:  [Full-disclosure] Invision Power Board 1.x and 2.x Privilege Escalation Vulnerability, Rapigator
Indexes:  [Date] [Thread] [Top] [All Lists]