osTicket user_login.php e Variable XSS

2005-05-02T10:15:32
ID OSVDB:16273
Type osvdb
Reporter James Bercegay
Modified 2005-05-02T10:15:32

Description

Vulnerability Description

osTicket contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'e' variable upon submission to the user_login.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Upgrade to version 1.3.1 or higher, as it has been reported to fix this vulnerability. In addition, osTicket.com has released a patch for some older versions.

Manual Testing Notes

http://[victim]/include/user_login.php?e=asdf[XSS]

References:

Vendor URL: http://www.osticket.com/
Security Tracker: 1013869
Secunia Advisory ID: 15216
Related OSVDB IDs: 16275, 16277, 16271, 16274, 16276, 16278, 16279, 16270, 16272
Other Advisory URL: http://www.gulftech.org/?node=research&article_id=00071-05022005
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-05/0051.html