Xplico v0.5.7 (add.ctp) Remote XSS Vulnerability

Title: Xplico v0.5.7 (add.ctp) Remote XSS Vulnerability
Type: Remote
Impact: Cross-Site Scripting
Release Date: 02.07.2010
Release mode: Coordinated release

Summary
=======

The goal of Xplico is to extract the application data contained in an
internet traffic capture. For example, from a pcap file Xplico extracts each
email (POP, IMAP, and SMTP protocols), all HTTP contents, each VoIP call (SIP),
FTP, TFTP, and so on. Xplico isn't a network protocol analyzer. Xplico is an
open source Network Forensic Analysis Tool (NFAT).

Description
===========

Xplico is vulnerable to Cross-Site Scripting. An attacker can use a "POST"
request to take advantage of this vulnerability, injecting code into the web
pages viewed by other users.

--------------------------------------------------------------------------------
Detecting vulnerabilities
- /opt/xplico/xi/app/views/pols/add.ctp:13
- /opt/xplico/xi/app/views/pols/add.ctp:14
- /opt/xplico/xi/app/views/sols/add.ctp:10
--------------------------------------------------------------------------------

Vendor
======

Xplico Team - http://www.xplico.org

Affected Version
================

0.5.7

PoC
===

- /opt/xplico/xi/app/views/pols/add.ctp:13

    echo $form->input('Pol.name',array('maxlength'=> 50, 'size' => '50','label' => 'Case name'));

Attack: Case name=[XSS] (POST)

Credits
=======

Vulnerability discovered by Marcos Garcia (@artsweb) and Maximiliano Soler
(@maxisoler).

Solution
========

Upgrade to Xplico v0.5.8 (http://sourceforge.net/projects/xplico/files/)

Vendor Status
=============

[22.06.2010] Vulnerability discovered.
[22.06.2010] Vendor informed.
[22.06.2010] Vendor replied.
[24.06.2010] Asked vendor for confirmation.
[24.06.2010] Vendor confirms vulnerability.
[24.06.2010] Asked vendor for status.
[24.06.2010] Vendor replied.
[29.06.2010] Vendor reveals patch release date.
[29.06.2010] Coordinated public advisory.

References
==========

[1] http://www.xplico.org/archives/710

Changelog
=========

[02.07.2010] - Initial release

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk
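
The PoC above shows that the "Case name" field is limited only by a client-side `maxlength` hint, which a raw POST does not honour. The following is an added example, not Xplico code and not the vendor's 0.5.8 fix (the advisory does not describe that fix): it shows the two defensive controls that apply to such a field, server-side validation on input and HTML encoding on output. The function names `validate_case_name` and `h_out` and the allow-list policy are assumptions made for illustration.

```php
<?php
// Added example, not Xplico code. Function names and the allow-list policy
// are hypothetical; only the 50-character limit comes from the advisory's PoC.

/**
 * Server-side validation of the posted case name. The 'maxlength' => 50
 * attribute in add.ctp is a browser hint only, so the limit is re-checked here.
 * Returns the trimmed name, or null when the value must be rejected.
 */
function validate_case_name($raw): ?string
{
    if (!is_string($raw)) {
        return null; // e.g. an array submitted in place of a scalar field
    }
    $name = trim($raw);
    // One anchored pattern enforces: valid UTF-8 (the /u flag fails on bad
    // sequences), length 1..50, and an allow-list of letters, digits, space
    // and a few separators (assumed policy).
    if (preg_match('/\A[\p{L}\p{N} ._\-]{1,50}\z/u', $name) !== 1) {
        return null;
    }
    return $name;
}

/** Encode a value for an HTML text node or a quoted attribute value. */
function h_out(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs: a normal name, a name carrying markup,
// and a name one character over the limit.
$samples = ['Case 2010-06', '<b>Case</b>', str_repeat('A', 51)];

foreach ($samples as $posted) {
    $name = validate_case_name($posted);
    // Output is encoded regardless of the validation result, because rows
    // stored before validation existed may still contain markup.
    printf(
        "validated=%-8s rendered=%s\n",
        $name === null ? 'rejected' : 'ok',
        h_out(substr($posted, 0, 20))
    );
}
```

Validation alone is not sufficient for stored values: every view that prints the case name needs the output encoding as well, since the encoding is what keeps markup in the data from being interpreted by the browser.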