[ZendTo] XSS
Der PCFreak
mailinglists at pcfreak.de
Wed Mar 2 13:09:53 GMT 2016
Hi,
Barracuda offers their "Barracuda Vulnerability Manager" for free at the
moment and I tested it.
https://bvm.barracudanetworks.com/
Here are some of the results pointed at my ZendTo installation:
Reflected Cross-Site Scripting
==============================
https://your.url.tld/pickup.php
Issue Detail
The emailAddr parameter was submitted with the value
"--><script>prompt(12345)</script>lNYCi<!--, and the string was echoed
verbatim in the output, showing that there is a reflected XSS vulnerability.
https://your.url.tld/pickup.php
Issue Detail
The auth parameter was submitted with the value
"--><script>prompt(12345)</script>HyNzQ<!--, and the string was echoed
verbatim in the output, showing that there is a reflected XSS vulnerability.
https://your.url.tld/pickup.php
Issue Detail
The emailAddr parameter was submitted with the value
"--><script>prompt(12345)</script>x7RXs<!--, and the string was echoed
verbatim in the output, showing that there is a reflected XSS vulnerability.
https://your.url.tld/pickup.php
Issue Detail
The auth parameter was submitted with the value
"--><script>prompt(12345)</script>WqYcq<!--, and the string was echoed
verbatim in the output, showing that there is a reflected XSS vulnerability.
HTML-Injection
==============
https://your.url.tld/pickup.php
Issue Detail
The emailAddr parameter was submitted with the value <h1>tjkgr</h1>, and
this value was echoed back verbatim in the resulting page.
https://your.url.tld/pickup.php
Issue Detail
The auth parameter was submitted with the value <h1>xt90x</h1>, and this
value was echoed back verbatim in the resulting page.
https://your.url.tld/pickup.php
Issue Detail
The emailAddr parameter was submitted with the value <h1>zrjja</h1>, and
this value was echoed back verbatim in the resulting page.
https://your.url.tld/pickup.php
Issue Detail
The auth parameter was submitted with the value <h1>anhxx</h1>, and this
value was echoed back verbatim in the resulting page.
Kind regards
PCFreak
On 01.03.2016 20:14, Chris Venter wrote:
> Hi
>
> Our security audit has highlighted a possible reflected cross site
> scripting error on the pickup.php page, to test we ran
>
> https://server_name/pickup/php?emailAddr=test" /><script>alert('XSS
> Test')</script>
>
> Can anyone else confirm if this is an issue?
>
> Thanks
> CJ
>
>
> _______________________________________________
> ZendTo mailing list
> ZendTo at zend.to
> http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto
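A check for re-testing these findings after a fix, as an added example that is not part of the original post or of ZendTo's code: it classifies whether a submitted value comes back verbatim (the condition the scanner reports) or only entity-encoded. The `render_pickup` page is a constructed stand-in, and where the real pickup.php places the two parameters is an assumption.

```python
import html

# Probe values quoted from the scanner findings above.
PROBES = {
    "emailAddr": '"--><script>prompt(12345)</script>lNYCi<!--',
    "auth": "<h1>xt90x</h1>",
}


def classify_reflection(body: str, value: str) -> str:
    """Return 'verbatim', 'encoded' or 'absent' for one submitted value."""
    if value in body:
        # The markup reaches the browser unescaped: the finding still stands.
        return "verbatim"
    if value in html.unescape(body):
        # Reflected only as entities (&lt; &quot; &#34; ...), so it is inert text.
        return "encoded"
    return "absent"


def triage(body: str, probes: dict) -> dict:
    """Classify every probe against one response body."""
    return {name: classify_reflection(body, v) for name, v in probes.items()}


def render_pickup(params: dict, escape: bool) -> str:
    """Constructed sample response (hypothetical layout, not ZendTo's template).

    emailAddr lands in an attribute and auth in an HTML comment, the two
    contexts the scanner payload tries to break out of with '"' and '-->'.
    """
    enc = (lambda s: html.escape(s, quote=True)) if escape else (lambda s: s)
    return (
        '<form action="pickup.php">\n'
        f'<input type="text" name="emailAddr" value="{enc(params["emailAddr"])}"/>\n'
        f'<!-- auth: {enc(params["auth"])} -->\n'
        "</form>\n"
    )


if __name__ == "__main__":
    print("before fix:", triage(render_pickup(PROBES, escape=False), PROBES))
    print("after fix: ", triage(render_pickup(PROBES, escape=True), PROBES))
```

Run it against a saved response body from your own installation by passing that text to `triage` in place of `render_pickup(...)`.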