SASHA v0.2.0 Mutiple XSS

From: tom <tom@xxxxxxxxxx>
Date: Sun, 18 Dec 2011 14:08:19 -0500

# Exploit Title: SASHA v0.2.0 Mutiple XSS
# Date: 12/16/11
# Author: G13
# Software Link: http://sourceforge.net/projects/sasha/files/
# Version: 0.2.0
# Category: webapps (php)
#

##### Vulnerability #####

When adding a new course to the schedule, the application relies on Client Side controls for input. This can easily be bypassed by using an intercepting proxy or CSRF attack.

##### Affected Variables #####

section_title=[XSS]
instructors=[XSS]

##### POST Data #####

institution=uvm&semester%5Bseason%5D=09&semester%5Byear%5D=2011&schedule_type=0&
subject=math&course=0028&section=test&start_time%5Bhour%5D=8&
start_time%5Bminute%5D=0&start_time%5Bmeridiem%5D=AM&end_time%5Bhour%5D=9&
end_time%5Bminute%5D=0&end_time%5Bmeridiem%5D=AM&parent_schedule_id=&
instructors%5B0%5D=&instructors%5B1%5D=&instructors%5B2%5D=&instructors%5B3%5D=&
instructors%5B4%5D=&instructors%5B5%5D=&section_title=&step=1&next=Next

Follow-Ups:
- Re: SASHA v0.2.0 Mutiple XSS
  - From: Henri Salo

Prev by Date: appRain CMF v0.1.5 - Multiple Web Vulnerabilities
Next by Date: PHP Booking Calendar 10e XSS
Previous by thread: appRain CMF v0.1.5 - Multiple Web Vulnerabilities
Next by thread: Re: SASHA v0.2.0 Mutiple XSS
Index(es):
- Date
- Thread

Relevant Pages

Re: SASHA v0.2.0 Mutiple XSS
... # Software Link: http://sourceforge.net/projects/sasha/files/ ... # Category: webapps (php) ...
(Bugtraq)
Re: PHP Booking Calendar 10e XSS
... # Category: webapps (php) ... The page_info_message varibale in the details_view.php does not ...
(Bugtraq)
[Full-disclosure] CVE-2008-5557 - PHP mbstring buffer overflow vulnerability
... CVE-2008-5557 - PHP mbstring buffer overflow vulnerability ... 4.3.0 and later versions including PHP 5 ... A heap buffer overflow was found in mbstring extension that is ... The vulnerability occurs in the part of the encoding conversion facility ...
(Full-Disclosure)
[Full-disclosure] [ MDVSA-2009:324 ] php
... Package: php ... Multiple vulnerabilities was discovered and corrected in php: ... before 5.2.9 allows remote attackers to cause a denial of service ... Unspecified vulnerability in PHP before 5.2.11 has unknown impact ...
(Full-Disclosure)
[ MDVSA-2009:324 ] php
... Package: php ... Multiple vulnerabilities was discovered and corrected in php: ... before 5.2.9 allows remote attackers to cause a denial of service ... Unspecified vulnerability in PHP before 5.2.11 has unknown impact ...
(Bugtraq)