Re: SASHA v0.2.0 Mutiple XSS

---

• From: Henri Salo <henri@xxxxxxx>
• Date: Tue, 20 Dec 2011 00:51:04 +0200

---

On Sun, Dec 18, 2011 at 02:08:19PM -0500, tom wrote:

# Exploit Title: SASHA v0.2.0 Mutiple XSS
# Date: 12/16/11
# Author: G13
# Software Link: http://sourceforge.net/projects/sasha/files/
# Version: 0.2.0
# Category: webapps (php)
#


##### Vulnerability #####

When adding a new course to the schedule, the application relies on
Client Side controls for input. This can easily be bypassed by
using an intercepting proxy or CSRF attack.


##### Affected Variables #####

section_title=[XSS]
instructors=[XSS]

##### POST Data #####

institution=uvm&semester%5Bseason%5D=09&semester%5Byear%5D=2011&schedule_type=0&
subject=math&course=0028&section=test&start_time%5Bhour%5D=8&
start_time%5Bminute%5D=0&start_time%5Bmeridiem%5D=AM&end_time%5Bhour%5D=9&
end_time%5Bminute%5D=0&end_time%5Bmeridiem%5D=AM&parent_schedule_id=&
instructors%5B0%5D=&instructors%5B1%5D=&instructors%5B2%5D=&instructors%5B3%5D=&
instructors%5B4%5D=&instructors%5B5%5D=&section_title=&step=1&next=Next

This seems to be a false-positive in some sense. Variable instructors has stored XSS vulnerability, but section_title doesn't. One can only use this XSS-vulnerability against own account so not an issue. Author of the program will still fix this issue. Tom in my opinion you are doing great work, but please contact developers before announcements. I know this is sometimes waste of time, but you should still do that. In my opinion this doesn't deserve CVE. Please also note that this software is not heavily used as far as developer knew so might be the best not to email bugtraq before fix/patch next time.

More information: https://sourceforge.net/apps/mantisbt/sasha/view.php?id=13

You can also reach them at #sasha-dev in Freenode IRC-network.

- Henri Salo

---

• References:
  • SASHA v0.2.0 Mutiple XSS
    • From: tom

• Prev by Date: [security bulletin] HPSBUX02697 SSRT100591 rev.1 - HP-UX Running Java, Remote Unauthorized Access, Disclosure of Information, and Other Vulnerabilities
• Next by Date: Multiple vulnerabilities in PHPShop CMS Free
• Previous by thread: SASHA v0.2.0 Mutiple XSS
• Next by thread: PHP Booking Calendar 10e XSS
• Index(es):
  • Date
  • Thread

---

Relevant Pages SASHA v0.2.0 Mutiple XSS ... # Software Link: http://sourceforge.net/projects/sasha/files/ ... # Category: webapps (php) ... (Bugtraq) Re: PHP Booking Calendar 10e XSS ... # Category: webapps (php) ... The page_info_message varibale in the details_view.php does not ... (Bugtraq) [Full-disclosure] CVE-2008-5557 - PHP mbstring buffer overflow vulnerability ... CVE-2008-5557 - PHP mbstring buffer overflow vulnerability ... 4.3.0 and later versions including PHP 5 ... A heap buffer overflow was found in mbstring extension that is ... The vulnerability occurs in the part of the encoding conversion facility ... (Full-Disclosure) [Full-disclosure] [ MDVSA-2009:324 ] php ... Package: php ... Multiple vulnerabilities was discovered and corrected in php: ... before 5.2.9 allows remote attackers to cause a denial of service ... Unspecified vulnerability in PHP before 5.2.11 has unknown impact ... (Full-Disclosure) [ MDVSA-2009:324 ] php ... Package: php ... Multiple vulnerabilities was discovered and corrected in php: ... before 5.2.9 allows remote attackers to cause a denial of service ... Unspecified vulnerability in PHP before 5.2.11 has unknown impact ... (Bugtraq)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > bugtraq  > 2011-12