0day.today - Biggest Exploit Database in the World.
Things you should know about 0day.today:
Administration of this site uses the official contacts. Beware of impostors!
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
appRain Quick Start Edition Core Edition Multiple XSS Vulnerabilities
############################################################################## Title : appRain Quick Start Edition Core Edition Multiple Persistence Cross-Site Scripting Vulnerabilities. Author : Antu Sanadi from SecPod Technologies (www.secpod.com) Vendor : http://www.apprain.com/ Advisory : http://secpod.org/blog/?p=215 http://secpod.org/advisories/SECPOD_AppRain_Multiple_XSS.txt Version : appRain 0.1.4-Alpha and appRain-d-0.1.3 Date : 08/07/2011 ############################################################################### SecPod ID: 1015 01/05/2011 Issue Discovered 04/05/2011 Vendor Notified No Response from the Vendor 08/07/2011 Advisory Released Class: Cross-Site Scripting (Persistence) Severity: Medium Overview: --------- appRain 0.1.4-Alpha(Quick Start Edition) and appRain-d-0.1.3 (Core Edition) multiple Persistence Cross-Site Scripting vulnerabilities. Technical Description: ---------------------- i) appRain 0.1.4-Alpha(Quick Start Edition) and appRain-d-0.1.3 (Core Edition) are prone to multiple persistence cross-site scripting vulnerabilities as it fails to properly sanitise user-supplied input. Input passed via the 'ss' parameter in 'search' action is not properly verified before it is returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of a vulnerable site. This may allow an attacker to steal cookie-based authentication credentials and launch further attacks. ii) Input passed via the 'data[sconfig][site_title]' parameter in '/admin/config/general' action is not properly verified before it is returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of a vulnerable site. This may allow an authinticated attacker to launch further attacks. NOTE: Authentication is required to exploit this vulnerability. The vulnerability has been tested in appRain 0.1.4-Alpha (Quick Start Edition), appRain-q-0.1.3 (Quick Start Edition), appRain-q-0.1.1 (Quick Start Edition), appRain-d-0.1.3 (Core Edition) and appRain-d-0.1.2 (Core Edition) ,Other versions may also be affected. Impact: -------- Successful exploitation could allow an attacker to execute arbitrary HTML code in a user's browser session in the context of a vulnerable application. Affected Software: ------------------ i) appRain 0.1.4-Alpha (Quick Start Edition) and prior. ii)appRain-d-0.1.3 (Core Edition) and prior. appRain 0.1.4-Alpha (Quick Start Edition) and prior. Tested on, ppRain 0.1.4-Alpha (Quick Start Edition), appRain-q-0.1.3 (Quick Start Edition), appRain-q-0.1.1 (Quick Start Edition), appRain-d-0.1.3 (Core Edition) and appRain-d-0.1.2 (Core Edition) References: ----------- http://www.apprain.com/ http://secpod.org/blog/?p=215 http://secpod.org/advisories/SECPOD_AppRain_Multiple_XSS.txt Proof of Concept: ----------------- POC 1: ----- POST appRainq/search HTTP/1.1 Host: 192.168.1.17 User-Agent: appRain XSS test Content-Type: application/x-www-form-urlencoded Content-Length: 62 Post Data: ---------- ss=</title><script>alert('SECPOD-XSS-TEST')</script> POC 2: ----- NOTE: Authentication is required to exploit this vulnerability. POST appRainq/admin/config/general HTTP/1.1 Host: 192.168.1.17 User-Agent: appRain XSS test Content-Type: application/x-www-form-urlencoded Content-Length:359 Post Data: ---------- data[sconfig][site_title]=<script>alert('SECPOD-XSS-TEST')</script>&data[sconfig][admin_title]=Lipsum&data[sconfig][site_logo_1]=logo.gif&data[sconfig][site_logo_2]=apprain-logo-yellow.gif&data[sconfig][copy_right_text]=xyz&data[sconfig][admin_email]=a@b.com<script type="text/javascript"></script>&Button[button_save]=Save Solution: ---------- Fix not available Risk Factor: ------------- CVSS Score Report: ACCESS_VECTOR = NETWORK ACCESS_COMPLEXITY = MEDIUM AUTHENTICATION = REQUIRE CONFIDENTIALITY_IMPACT = PARTIAL INTEGRITY_IMPACT = PARTIAL AVAILABILITY_IMPACT = NONE EXPLOITABILITY = PROOF_OF_CONCEPT REMEDIATION_LEVEL = UNAVAILABLE REPORT_CONFIDENCE = CONFIRMED CVSS Base Score = 5.5 (MEDIUM) (AV:N/AC:M/Au:S/C:P/I:P/A:N) Credits: -------- Antu Sanadi of SecPod Technologies has been credited with the discovery of this vulnerability. # 0day.today [2024-11-16] #