| | ||| |||
| | | |
| || || By: gamr | | | |
| | ||| ||_|
Product - Banner Student System by SunGard Specific Page - http://www.EXAMPLE.com/PATH/twbkwbis.P_SecurityQuestion (Change Security Question) Version - 7.4 / earlier versions could be effected also Product URL - http://www.sungardhe.com/Products/Product.aspx?id=1024 Bug Type - Cross Site Scripting (XSS) Discovery Date - 04/06/2009 Notification Date - 04/06/2009
Author - gmar Website - yougotxssed.com
Students that use this system could inject malicious code into the "New Question: " field (NAME="question"). When saving the changes, the system does not strip out HTML entities.
Enter ANY html into the "New Question" field and hit submit. Logout and then go to the login screen again. Enter in your username and hit forget password.
Sanitize the user input in all fields to make sure there is no unwanted characters ( html entities ). You could encode them on POST.