Open Business Management company_index.php Multiple Variable XSS

2006-06-06T09:07:56
ID OSVDB:26202
Type osvdb
Reporter r0t (krustevs@googlemail.com)
Modified 2006-06-06T09:07:56

Description

Vulnerability Description

Open Business Management (OBM) contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'tf_datebefore' or 'tf_dateafter' variables upon submission to the company_index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
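As an added illustration, not OBM's own code (which is not shown in this record), a hypothetical search handler that reflects the two date filters named above the way the description implies, beside a hardened version that accepts only a strict YYYY-MM-DD value and HTML-encodes whatever it echoes:

```php
<?php
// Added example, not OBM source. Hypothetical handler for the two date
// filters named in the advisory: tf_dateafter and tf_datebefore.

// Vulnerable pattern: the raw query value is echoed back into the form
// unchanged, so a crafted URL can inject markup into the response.
function render_date_filter_vulnerable(string $name, string $value): string
{
    return "<input name=\"$name\" value=\"$value\">";
}

// Hardened pattern: accept only YYYY-MM-DD that is also a real calendar
// date; anything else is dropped (empty filter) instead of being reflected.
function validate_date_filter(?string $value): string
{
    if ($value === null || $value === '') {
        return '';
    }
    if (!preg_match('/^(\d{4})-(\d{2})-(\d{2})$/', $value, $m)) {
        return '';
    }
    if (!checkdate((int)$m[2], (int)$m[3], (int)$m[1])) {
        return '';
    }
    return $value;
}

// Output encoding is applied even after validation, so a value that later
// reaches the page through another path is still rendered inert.
function render_date_filter_hardened(string $name, ?string $value): string
{
    $clean = validate_date_filter($value);
    return '<input name="' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8')
         . '" value="' . htmlspecialchars($clean, ENT_QUOTES, 'UTF-8') . '">';
}

// Constructed inputs: one well-formed date, one impossible date, and one
// value shaped like the [XSS] placeholder in the testing notes.
$samples = ['2006-06-06', '2006-02-30', '"><i>tag</i>'];
foreach (['tf_dateafter', 'tf_datebefore'] as $param) {
    foreach ($samples as $s) {
        echo "vulnerable: " . render_date_filter_vulnerable($param, $s) . "\n";
        echo "hardened:   " . render_date_filter_hardened($param, $s) . "\n";
    }
}
```

Run with `php example.php`: the vulnerable line breaks out of the attribute for the third sample, while the hardened line keeps only the first sample and prints an empty, encoded value for the other two.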

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Manual Testing Notes

http://[target]/company/company_index.php?action=search&tf_name=&tf_phone=&sel_kind=&sel_cat=&tf_cat_code=&cb_cat_tree=&sel_act=&sel_naf=&tf_zip=&cb_archive=&sel_market=&tf_town=&sel_ctry=&sel_dsrc=&tf_dateafter=&tf_datebefore=[XSS]

http://[target]/company/company_index.php?action=search&tf_name=&tf_phone=&sel_kind=&sel_cat=&tf_cat_code=&cb_cat_tree=&sel_act=&sel_naf=&tf_zip=&cb_archive=&sel_market=&tf_town=&sel_ctry=&sel_dsrc=&tf_dateafter=[XSS]

References:

Vendor URL: http://obm.aliacom.fr/
Secunia Advisory ID: 20486
Related OSVDB ID: 26199
Related OSVDB ID: 26200
Related OSVDB ID: 26201
Related OSVDB ID: 26198
Related OSVDB ID: 26203
Other Advisory URL: http://pridels.blogspot.com/2006/06/obm-multiple-sql-inj-and-xss-vuln.html
ISS X-Force ID: 27031
CVE-2006-3009
Bugtraq ID: 18348