
Re: Liferay Cross Site Scripting Flaw

Subject: Re: Liferay Cross Site Scripting Flaw
Date: 25 Nov 2004 16:27:53 -0000
In-Reply-To: <A2A3422FEEB89D4DBFDF7692B7C737BACED1@mshyd2.hyd.deshaw.com>

The scripting flaw has been fixed as of version 2.2.0 release 10/1/2004. We urge
all parties to upgrade their deployments.

Subject: Liferay Cross Site Scripting Flaw
Date: Sat, 22 May 2004 16:00:27 +0530
Message-ID: <A2A3422FEEB89D4DBFDF7692B7C737BACED1@mshyd2.hyd.deshaw.com>
From: "Giri, Sandeep" <giris@deshaw.com>
To: <bugtraq@securityfocus.com>

Advisory Name: Liferay Cross Site Scripting flaw
Release Date: 05/22/2004
Application: Liferay (www.liferay.com)
Author: Sandeep Giri
Vendor Status: Notified (4 months ago)

Overview:
(Taken from http://www.liferay.com/products/index.jsp)

Liferay Enterprise Portal was designed to:

Provide organizations with a single sign-on web interface for email, document
management, message board, and other useful communication tools. Multiple
authentication schemes (LDAP or SQL) are pooled together so users don't have
to remember a different login and password for every section of the portal.
...

Details:

Liferay is prone to a cross site scripting flaw. Almost all the fields that
take input from one user and are displayed on another user's screen can be
tricked into executing JavaScript code.

Test:
Add a message with subject <script>history.go(-1)</script>
Now, no user can see the message board.

Vendor Response:
Vendor was notified on 14/01/2004. No fix has been released yet.


Recommendation:

While saving or displaying the data:
replace &, <, > etc. with &amp;, &lt; and &gt; respectively.


Regards,
Sandeep Giri
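
The recommendation above, as an added example that is not part of the original advisory or of Liferay's code: a single-pass HTML encoder applied when a message subject is rendered. The `renderSubjectRow` function and the sample messages are hypothetical. The example goes beyond the three characters the advisory lists by also escaping quotes, because the value is placed in an attribute as well, and it shows that escaping both on save and on display double-encodes.

```javascript
// Added example (not Liferay code): output-encode user text when rendering.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Escape in a single pass so the "&" produced by one replacement
// is never re-escaped by a later one.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hypothetical message-board row renderer. The subject lands in both
// element content and a quoted attribute, so quotes must be escaped too.
function renderSubjectRow(message) {
  const subject = escapeHtml(message.subject);
  return `<tr><td title="${subject}">${subject}</td></tr>`;
}

// Constructed sample input: the advisory's test subject and a benign one.
const samples = [
  { subject: "<script>history.go(-1)</script>" },
  { subject: 'Q&A: "portal" <setup>' },
];

// Pitfall: escaping at save time AND at display time double-encodes,
// so readers see "Q&amp;A" on screen instead of "Q&A".
function saveThenDisplay(subject) {
  const stored = escapeHtml(subject); // escaped once when saved
  return escapeHtml(stored);          // escaped again when displayed
}

for (const m of samples) {
  console.log(renderSubjectRow(m));
}
console.log(saveThenDisplay("Q&A"));
```

Storing the raw text and encoding once at the point of output, for the context it is written into, avoids the double-encoding shown by `saveThenDisplay`.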

