Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Vulnerability Development: Cross-Site Scripting in PlumTree?

Cross-Site Scripting in PlumTree?

From: Ed Moyle <emoyle_at_scsnet.csc.com>
Date: Fri, 04 Jan 2002 14:33:04 -0500

Hi.

Anybody know about cross-scripting in PlumTree? I happened to notice this while I was at the plumtree-hosted demonstration site (portal.plumtree.com.) It appears as if plumtree portal ships by default some error page (error.asp) that parrots back the message that appears as part of the request URI. This error page seems to recieve an argument that is a textual description of the error that is shown to the user on the resulting page...

In the below example, <plumtreeserver> should point to the plumtree server (obviously), and <portalname> should be the directory for the portal. For example, you might have a plumtree server called "portal.domain.dom" and the first directory was called "portal"...

http://<plumtreeserver>/<portalname>/common/error.asp?UserID=2&Description=%3CSCRIPT%20LANGUAGE%3DJAVASCRIPT%3Ealert%28%22Cross-Script%22%29%3B%3C/script%3e

(seems to work w/ IE, but is not tested on Netscape.)

Does anybody know if PlumTree has a procedure to fix this posted somewhere?
-E
Received on Jan 04 2002

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos