
| Subject: | Mitridat Form Processor Pro XSS |
|---|---|
| Date: | Wed, 25 Jul 2007 10:13:25 -0700 |

Greetings,

I have discovered a cross-site scripting vulnerability in Mitridat's Form Processor Pro.

http://www.mitridat.com/
http://www.mitridat.com/products-form-processor-pro.html

Form Mail: Email Form Processor Pro™ - process all forms on your website

Form Mail: Email Form Processor Pro is the most powerful script to process forms on your website. The script is available in PHP, Perl and ASP versions. No programming knowledge needed to install this script and configure your forms to work with it. One script can handle unlimited amount of any sophisticated forms. You have full layout and design control. The script is featured with:

* auto responder;
* "preview" and "thank you" pages;
* supports attachments, calculations, "if" condition, variable field validations, html emails;
* supports multiple pages forms, database data storing and much more features!

Operating system and software installed.

- Apache 1.3.37
- Form Mail: eMail Form Processor Pro (c) 2000-2003 MitriDAT
- The date stamp for this product is year 2000-2003.
- Mitridat's customer demo on their website has the same date stamp.

How the vulnerability can be reproduced

- An HTTP POST to the following parameters with either an IFRAME or SCRIPT tag.

base_path=

What impact the vulnerability has on the vulnerable system?

By enticing a user to click on a crafted URL, an attacker can execute arbitrary script code on the victim's browser.

Any additional details that might help in the verification process.

This initial discovery was on a customer running Mitridat's Form Processor Pro. I was then able to verify the parameter by looking up Mitridat's website and verifying the XSS from their public demo.

Mitridat has demos of the Form Processor Pro for public view.

http://www.mitridat.com/products-form-processor-pro.html
http://www.email-form.com/online-demo.html

Here are tested POSTs I've done on Mitridat's public internet demos.

URL http://www.email-form.com/sample-forms/simple-contact-form-with-preview/simple-contact-form-with-preview.html

POST base_path=<iframe src=/>&r_Name=&Company-Name=&re_eMail=&Web-Site-URL=http%3A%2F%2F&r_Country=&Phone=&Fax=&r_Subject=&r_Message=&ok2.x=39&ok2.y=13

POST base_path=<script>alert(1111)</script>&r_Name=&Company-Name=&re_eMail=&Web-Site-URL=http%3A%2F%2F&r_Country=&Phone=&Fax=&r_Subject=&r_Message=&ok2.x=17&ok2.y=6

Charles H Kim
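
The report above shows `base_path` accepting markup and reflecting it into the response. The following is an added example, not part of the original advisory and not Mitridat's code: a form handler that validates `base_path` against a path allowlist and HTML-encodes every value it echoes. The function names, the allowlist and the hidden-field rendering are assumptions made for illustration.

```python
import html
import re
from urllib.parse import parse_qsl

# Assumption: a legitimate base_path only ever holds path characters.
SAFE_PATH = re.compile(r"[A-Za-z0-9._~/-]*")

# Request bodies: the first two are the POSTs quoted in the advisory,
# the third is a constructed benign submission.
SAMPLES = [
    "base_path=<iframe src=/>&r_Name=&Company-Name=&re_eMail="
    "&Web-Site-URL=http%3A%2F%2F&r_Country=&Phone=&Fax=&r_Subject="
    "&r_Message=&ok2.x=39&ok2.y=13",
    "base_path=<script>alert(1111)</script>&r_Name=&Company-Name=&re_eMail="
    "&Web-Site-URL=http%3A%2F%2F&r_Country=&Phone=&Fax=&r_Subject="
    "&r_Message=&ok2.x=17&ok2.y=6",
    "base_path=../&r_Name=Alice&re_eMail=alice%40example.org"
    "&r_Subject=Hello&r_Message=Hi",
]

def parse_form(body):
    """Decode an application/x-www-form-urlencoded body, keeping empty fields."""
    return dict(parse_qsl(body, keep_blank_values=True))

def base_path_ok(form):
    """True when base_path is absent, empty, or matches the path allowlist."""
    return SAFE_PATH.fullmatch(form.get("base_path", "")) is not None

def echo_hidden(name, value):
    """Render a submitted value back into a page as an HTML-encoded attribute."""
    return '<input type="hidden" name="{}" value="{}">'.format(
        html.escape(name, quote=True), html.escape(value, quote=True))

def handle(body):
    """Return (accepted, html) for one submission (hypothetical handler)."""
    form = parse_form(body)
    if not base_path_ok(form):
        # Reject the request, and still encode the value shown in the error.
        return False, "Rejected base_path: " + html.escape(form["base_path"])
    return True, "".join(echo_hidden(k, v) for k, v in form.items())

if __name__ == "__main__":
    for body in SAMPLES:
        print(handle(body))
```

Validation alone is not the fix: every other field in the form is echoed through `echo_hidden` as well, so a value that passes validation still reaches the page only in encoded form.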