PACKETSTORM:66295, David "Aesthetico" Vieira-Kurz (packetstorm)
May 13, 2008 - 12:00 a.m.

major_rls52.txt

packetstormsecurity.com
`[MajorSecurity Advisory #52] ActualAnalyzer family - Cross Site Scripting Issues  
  
Details  
=======  
Product: Actual Analyzer  
Security-Risk: moderate  
Remote-Exploit: yes  
Vendor-URL: http://www.actualscripts.com  
Vendor-Status: informed  
Advisory-Status: published  
  
Credits  
============  
Discovered by: David Vieira-Kurz  
http://www.majorsecurity.de  
  
Affected Products:  
----------------------------  
ActualAnalyzer Server 8.37 and prior  
ActualAnalyzer Gold 7.74 and prior  
ActualAnalyzer Pro 6.95 and prior  
Actual Analyzer Lite 2.78 and prior  
  
Original Advisory:  
============  
http://www.majorsecurity.de/index_2.php?major_rls=major_rls52  
  
Introduction  
============  
ActualAnalyzer is a powerful statistics-gathering and analysis tool for monitoring web site traffic.  
It is equally effective for sites with low and high volumes of traffic  
and provides a wealth of comparative and analytical information.   
  
More Details  
============  
Cross Site Scripting:  
Input passed directly to the "language" parameter in "view.php" is not properly sanitised before being returned to the user.  
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.  
  
PoC:  
=============  
/view.php?&language=>"><script>alert(15031988)</script>  
  
Solution  
=============  
Edit the source code to ensure that input is properly sanitised.  
Use the PHP functions "htmlspecialchars()" or "htmlentities()" so that HTML tags  
and JavaScript code are not executed.  
  
Example:  
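<?php  
// Encode user input at the point where it is written into HTML.  
$pass = htmlentities($_POST['pass'], ENT_QUOTES, 'UTF-8');  
// $_GET is an array, so it is indexed with [] and not called with ().  
$test = htmlspecialchars($_GET['test'], ENT_QUOTES, 'UTF-8');  
?>  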
  
History/Timeline  
================  
05.05.2008 discovery of the vulnerabilities  
05.05.2008 additional tests with other versions  
07.05.2008 contacted the vendor  
12.05.2008 advisory is written  
13.05.2008 advisory released  
  
MajorSecurity  
================  
MajorSecurity is a German pentest and security research project which focuses   
on web application security.  
You can find more information on the MajorSecurity Project at  
http://www.majorsecurity.de/pentest.php  
`
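
The fix described under "Solution", applied to the "language" parameter, as an added example (not code from the advisory or from ActualAnalyzer). It assumes view.php reflects the parameter into a quoted HTML attribute; the allow-list values and the helper names h() and pick_language() are hypothetical.

```php
<?php
// Added example, not ActualAnalyzer source code.
// Assumption: view.php writes $_GET['language'] into a quoted HTML attribute.

// Hypothetical allow-list; the product's real language names are not on the page.
const ALLOWED_LANGUAGES = ['english', 'german'];
const DEFAULT_LANGUAGE  = 'english';

/** Encode a value for HTML text and quoted-attribute contexts. */
function h(string $value): string
{
    // ENT_QUOTES encodes both " and ', so the value cannot close the attribute.
    // ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Return the requested language only if it is on the allow-list. */
function pick_language(array $query): string
{
    $raw = $query['language'] ?? DEFAULT_LANGUAGE;
    // Non-string input (e.g. ?language[]=x) and unknown names fall back to the default.
    if (!is_string($raw) || !in_array($raw, ALLOWED_LANGUAGES, true)) {
        return DEFAULT_LANGUAGE;
    }
    return $raw;
}

// Constructed request data carrying the value from the advisory's PoC.
$query = ['language' => '>"><script>alert(15031988)</script>'];

// Vulnerable pattern: the raw value is concatenated into the attribute.
$vulnerable = '<input type="hidden" name="language" value="'
            . $query['language'] . '">';

// Encoding only: the markup characters become entities and stay inside the attribute.
$encodedOnly = '<input type="hidden" name="language" value="'
             . h($query['language']) . '">';

// Hardened: validate against the allow-list, then still encode at output.
$hardened = '<input type="hidden" name="language" value="'
          . h(pick_language($query)) . '">';

echo $vulnerable, PHP_EOL, $encodedOnly, PHP_EOL, $hardened, PHP_EOL;
```

Run it with the PHP command-line interpreter and compare the three printed lines: only the first contains a live script element.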