Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: [SePro Bugtraq] WBB Portal - JGS-Portal <= 3.0.2 - Multiple Vulnerabilities (09.05.05)
From: <deluxe () security-project org>
Date: 19 May 2005 11:57:11 -0000

In-Reply-To: <200505172151.j4HLpThM004829 () linus mitre org>

Cross Site Scripting:
-------------------------
You can abuse the SQL-Injections for XSS attacks.

Does this occur because the XSS-style attacks are being injected into
SQL queries, which then generate errors because the queries are
malformed, and then PHP blindly reflects the malformed query back to
the user without quoting XSS-relevant characters?  That would seem to
be more of a problem with the application's runtime environment
(i.e. PHP) than JGS-Portal itself.

Try the following link:
/jgs_portal_statistik.php?meinaction=mitglieder&month=1&year=1&lt;script&gt;alert(document.cookie);&lt;/script&gt;

JGS-Portal doesn't report an error and the year parameter is passed unfiltered. This is definitively the problem of 
JGS-Portal.


If a SQL-error occurs and the error message contains Cross Site Scripting code, than you're completely right.


Regards,
deluxe


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault