0day.today - Biggest Exploit Database in the World.
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn
GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Contact us
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
TAO Open Source Assessment Platform 3.3.0 RC2 Cross Site Scripting Vulnerability
[=======================================================================
title: Multiple XSS vulnerabilities
product: TAO Open Source Assessment Platform
vulnerable version: 3.3.0 RC2
fixed version: -
CVE number: -
impact: medium
homepage: https://www.taotesting.com/product/community/
by: David Haintz
SEC Consult Vulnerability Lab
An integrated part of SEC Consult
Europe | Asia | North America
https://www.sec-consult.com
=======================================================================
Vendor description:
-------------------
"The Next Generation Open Source Assessment Solution -
Say goodbye to technical complexity and yet another IT project. Say hello to an
all-in-one assessment solution. Easily tap into the power of open source, single
sign-on and LTI. Open source means open possibilities so you can benefit from
the ideas of the expert assessment community."
Source: https://www.taotesting.com/product/
Business recommendation:
------------------------
The vendor did not respond to our communication attempts, hence no patch is
available.
An in-depth security analysis performed by security professionals is
highly advised, as the software may be affected from further security
issues.
Vulnerability overview/description:
-----------------------------------
1) Multiple XSS vulnerabilities
Several pages lack input validation within the URL that is output into the
action attribute of a form. An attacker can break out of the string
and add custom JavaScript events to several forms. Additionally, the error
page also lacks filtering user input / output.
Proof of concept:
-----------------
1) Multiple XSS vulnerabilities
a) XSS in URL for form action attributes
If a victim accesses the following link and enters their credentials, an alert
shows the entered password:
[ removed PoC from advisory ]
Since chars like " or < and > are filtered in this case, a string had to be built
by using char codes and JavaScript's String.fromCharCode(). The same pattern
works for many other paths too. Following additional paths were also found to be
vulnerable:
[ removed PoC from advisory ]
b) XSS in error page
The internal error page also lacks input/output validation. The following URL
generates a website opening a message box showing the current location without
any filtering:
[ removed PoC from advisory ]
Vulnerable / tested versions:
-----------------------------
The following version has been tested, which was the most recent one at the time
of the test:
* 3.3.0 RC2
# 0day.today [2024-07-05] #