Kongreg8 1.7.3 Multiple XSS



# Exploit Title: Kongreg8 1.7.3 Multiple XSS
# Date: 02/24/12
# Author: G13
# Software Link: https://sourceforge.net/projects/kongreg8/
# Version: 1.7.3
# Category: webapps (php)
#

##### Vulnerability #####

Kongreg8 1.7.3 has multiple XSS vulnerabilities. These vulnerabilities
are in the Add Member and Add Group functions. These are persistent
XSS vulnerabilities.

Script can be entered directly into the form fields on the page; there
is no client-side or server-side validation on these fields.

##### Vendor Notification #####

02/19/12 - Vendor Notified
02/24/12 - Disclosure

##### Affected Variables #####

Add Member:

surname=[XSS]
firstname=[XSS]

Add Group:

groupdescription=[XSS]
groupname=[XSS]
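
Added example, not part of the original advisory and not Kongreg8's own code: a minimal PHP sketch of the two missing controls for the fields listed above, server-side validation before storage and HTML encoding on output. The helper names `validate_fields` and `h`, the length limits, and the sample record are assumptions for illustration; the code needs the mbstring extension.

```php
<?php
declare(strict_types=1);

// Hypothetical limits; the field names are the ones listed in the advisory.
const FIELD_LIMITS = [
    'surname'          => 64,
    'firstname'        => 64,
    'groupname'        => 64,
    'groupdescription' => 255,
];

/** Server-side validation: reject bad encoding, empty, oversized or control-character input. */
function validate_fields(array $input): array
{
    $clean = [];
    foreach (FIELD_LIMITS as $name => $max) {
        $value = $input[$name] ?? null;
        if ($value === null) {
            continue; // field is not part of this form
        }
        if (!is_string($value) || !mb_check_encoding($value, 'UTF-8')) {
            throw new InvalidArgumentException("$name: invalid encoding");
        }
        $value = trim($value);
        // Tab, LF and CR stay allowed so a multi-line description is accepted.
        if ($value === '' || mb_strlen($value, 'UTF-8') > $max
            || preg_match('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/', $value)) {
            throw new InvalidArgumentException("$name: invalid length or characters");
        }
        $clean[$name] = $value; // stored unmodified; encoding happens on output
    }
    return $clean;
}

/** Output encoding for HTML text and quoted-attribute contexts. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample: a record stored before any fix was deployed.
$stored = ['surname' => '<script>x</script>', 'firstname' => "Ann O'Neil"];

// Every stored value is encoded at the point it is written into the page.
echo '<td>' . h($stored['surname']) . '</td><td>' . h($stored['firstname']) . "</td>\n";
```

Validation alone does not neutralise values already in the database, so the encoding step has to be applied wherever member and group fields are rendered.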


