
fuseXSS.txt

05 Aug 2005 00:00:00. Reported by N.N.P. Type: packetstorm. Source: packetstormsecurity.com

A vulnerability in Fusebox web application framework allows execution of JavaScript leading to potential cookie stealin

Code
`This was discovered by myself over the weekend. I can't find out what  
versions of fusebox this vulnerability is in but seeing as it affects  
the main fusebox page I can only assume it is the latest v4.1.0 and  
possibly some older versions.  
  
According to the Fusebox site,   
  
What is Fusebox?  
Fusebox is a standard framework for building web-based applications.  
  
Basically the "fusebox" takes all requests for actions such as  
searching, login etc etc on a site and passes it off to the relevant  
script (check out their site for more info). Normally you see  
something like  
  
http://www.fusebox.org/index.cfm?fuseaction=fusebox.overview  
  
Basically this vulnerability allows the execution of JS. For example  
  
http://www.site.org/index.cfm?fuseaction="><script>document.location="http://silentcode.net"</script>  
  
I'm sure if anyone feels like screwing around with it I'm sure you'll  
find some other interesting problems with it, the thing is like swiss  
cheese ; )  
  
Comments and criticisms are welcome.  
  
Comments:  
Some sites using fusebox are not vulnerable. It appears to be possible  
to set a standard page for errors and some filter out the script tags.  
Also some will work with redirects and normal alert boxes but will  
filter out document.cookie. In cases like these it often proves useful  
to leave in the actual fuseaction. This helps avoid the error in some  
cases, e.g.  
http://www.site.org/index.cfm?fuseaction=fusebox.overview"><script>alert(document.cookie)</script><  
  
Usage:  
The main usage of this vulnerability would be cookie stealing. This is  
achieved by redirecting the user to a PHP script on a site you control  
with the user's cookie as a parameter to the script. Then to avoid  
raising suspicions redirect them back to the page they thought they  
were accessing. Google "cookie stealing" for more info.  
  
Fix:  
Filtering all input to the fusebox correctly should solve this. In  
addition, setting it to suppress errors and having a default error  
page should also help.  
  
Googling for allinurl:/index.cfm?fuseaction= will give you an idea of  
how many sites are possibly vulnerable.  
  
Enjoy,  
NNP  
  
As a side note, if the server isn't set to suppress errors you can get  
some interesting info such as full path disclosure etc. by passing in  
special characters such as ?  
  
e.g. https://site.com/index.cfm?fuseaction=?  
  
If you want to see an example of what I mean have a look on  
http://silentcode.net/community  
  
I've posted a vulnerable site there.  
--   
http://silentcode.net  
`
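
The "Fix" section of the advisory (filter the fuseaction input, suppress errors, serve a default error page) can be sketched as follows. This is an added example, not code from the advisory or from Fusebox; the `circuit.action` allowlist pattern, the hidden-field reflection point, and the `handle_request` front controller are assumptions made for illustration.

```python
import html
import re

# Assumption: legitimate fuseactions look like "circuit.action"
# (e.g. fusebox.overview, as in the advisory).
FUSEACTION_RE = re.compile(r"[A-Za-z0-9_]+\.[A-Za-z0-9_]+")

# Static body for every rejected request: no echo of the input,
# no stack trace, no file paths.
GENERIC_ERROR = "<h1>Page not found</h1>"


def is_valid_fuseaction(raw):
    """Allowlist check. fullmatch() anchors both ends, so trailing
    markup or a trailing newline cannot slip through."""
    return raw is not None and FUSEACTION_RE.fullmatch(raw) is not None


def encode_attr(value):
    """Encode for an HTML attribute context: &, <, > and both quotes."""
    return html.escape(value, quote=True)


def handle_request(raw_fuseaction):
    """Hypothetical front controller: returns (status, body)."""
    if not is_valid_fuseaction(raw_fuseaction):
        return 400, GENERIC_ERROR
    # Encode on output even after validation, as defence in depth.
    value = encode_attr(raw_fuseaction)
    return 200, '<input type="hidden" name="fuseaction" value="%s">' % value


# Constructed sample inputs, following the request shapes in the advisory.
SAMPLES = [
    "fusebox.overview",
    '"><script>document.location="http://silentcode.net"</script>',
    'fusebox.overview"><script>alert(document.cookie)</script><',
    "?",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        status, body = handle_request(sample)
        print(status, repr(sample), "->", body)
```

Only the first sample is dispatched; the other three receive the same static 400 body, so neither the markup nor any error detail is reflected back.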
