eTicket 'index.php' Cross Site Scripting Path Vulnerability

2008-02-01 / 2008-02-02
Risk: Low
Local: No
Remote: Yes
CWE: CWE-79


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

________________________________________________________________________________

eTicket 'index.php' Cross Site Scripting Path Vulnerability
________________________________________________________________________________

Name:              eTicket 'index.php' Cross Site Scripting Path Vulnerability
Application:       eTicket
Versions Affected: 1.5.6-RC4
Severity:          Medium
Vendor:            eTicket, http://sourceforge.net/projects/eticket
Bug:               XSS Path vulnerability
Exploitation:      Client side, remote
Author:            Alessandro `jekil` Tanasi
                   email: alessandro (at) tanasi (dot) it
                   web: http://www.tanasi.it
Date:              20/01/2008
Advisory:          http://www.lonerunners.net/users/jekil/pub/hack-eticket/hack-eticket.txt
________________________________________________________________________________

Table of contents:

I.    Background
II.   Description
III.  Analysis
IV.   Detection
V.    Fix
VI.   Vendor Response
VII.  CVE Information
VIII. Disclosure timeline
IX.   Credits
________________________________________________________________________________

I. BACKGROUND

eTicket is a PHP-based electronic (open source) support ticket system based on
osTicket, that can receive tickets via email (pop3/pipe) or a web form. It also
offers a ticket manager with many features. An ideal helpdesk solution for any
website.

II. DESCRIPTION

The application eTicket version 1.5.6-RC4 is prone to a Cross Site Scripting
Path vulnerability.

III. ANALYSIS

Attackers may exploit this issue through a web browser. To exploit the
cross-site scripting issue, an attacker must entice an unsuspecting victim into
visiting a malicious URI.

IV. DETECTION

Proof of concept:

    http://example.com/index.php/"><script>alert('XSS')</script>

V. FIX

Properly validate user input.

VI. VENDOR RESPONSE

No vendor response at this time.

VII. CVE INFORMATION

No CVE at this time.

VIII. DISCLOSURE TIMELINE

21012008 Bug discovered
21012008 Vendor contacted

IX. CREDIT

Alessandro `jekil` Tanasi is credited with the discovery of this vulnerability.
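Added example for section V (Fix), not taken from the advisory or from eTicket's source: it assumes the page reflects the request path into an HTML attribute via $_SERVER['PHP_SELF'], the usual cause of a path-based XSS, and shows that pattern beside a hardened form. The function names and the sample $server array are constructed for illustration.

```php
<?php
// Added illustration, not eTicket code. Assumption: the script writes its own
// request path into an HTML attribute (e.g. a form action).

// Vulnerable pattern: PHP_SELF is SCRIPT_NAME plus the client-supplied
// PATH_INFO, so anything after "/index.php/" lands in the page unescaped.
function form_action_vulnerable(array $server): string
{
    return '<form method="post" action="' . $server['PHP_SELF'] . '">';
}

// Hardened pattern: SCRIPT_NAME carries no PATH_INFO, and the value is
// HTML-encoded for a double-quoted attribute before it is written out.
function form_action_hardened(array $server): string
{
    $action = htmlspecialchars(
        $server['SCRIPT_NAME'],
        ENT_QUOTES | ENT_SUBSTITUTE,
        'UTF-8'
    );
    return '<form method="post" action="' . $action . '">';
}

// Input validation: a script that never uses PATH_INFO can refuse any
// request that supplies one (for example by answering 404).
function has_unexpected_path_info(array $server): bool
{
    return isset($server['PATH_INFO']) && $server['PATH_INFO'] !== '';
}

// Constructed sample of the server variables for the advisory's
// proof-of-concept URL.
$server = [
    'SCRIPT_NAME' => '/index.php',
    'PATH_INFO'   => '/"><script>alert(\'XSS\')</script>',
    'PHP_SELF'    => '/index.php/"><script>alert(\'XSS\')</script>',
];

echo "vulnerable: ", form_action_vulnerable($server), "\n";
echo "hardened:   ", form_action_hardened($server), "\n";
echo "reject:     ", var_export(has_unexpected_path_info($server), true), "\n";
```

The vulnerable line prints the script tag outside the action attribute; the hardened line prints only action="/index.php", and the request is flagged for rejection.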



Copyright 2024, cxsecurity.com

 
