Google Urchin password theft madness

2007.09.27

Credit: pagvac

Risk: Low

Local: No

Remote: Yes

CVE: CVE-2007-5112

CWE: CWE-79

CVSS Base Score: 4.3/10

Impact Subscore: 2.9/10

Exploitability Subscore: 8.6/10

Exploit range: Remote

Attack complexity: Medium

Authentication: No required

Confidentiality impact: None

Integrity impact: Partial

Availability impact: None

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
There is a trivially exploitable XSS vul on Google Urchin Web Analytics
5's login page. The vulnerability has been tested on versions 5.6.00r2,
v5.7.01, 5.7.02 and 5.7.03 (latest). Previous versions are most likely
to be affected as well.
I know that you're sick of XSS PoCs that only open alert boxes. So I
crafted a exploit URL that will steal the victim's username and password
by simply clicking on it:
http://www.gnucitizen.org/blog/google-urchin-password-theft-madness
PS: demo video included!
- --
pagvac
[http://gnucitizen.org, http://ikwt.com/]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (MingW32)
iD8DBQFG9//fjXB4hX6OC/cRAnchAJ4k9U4i8ZW1Cf8CjbNuivYlCHqjCQCeIVyj
oZ2fz06792VVGEkfpPwjCMs=
=Uz1y
-----END PGP SIGNATURE-----

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Google Urchin password theft madness

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.