XXS in SCT email client

2004-10-15T00:00:00
ID SECURITYVULNS:DOC:7000
Type securityvulns
Reporter Securityvulns
Modified 2004-10-15T00:00:00

Description

Vendor : SCT URL : http://www.SCT.com/ Version: Campus Pipeline Risk : Cross site scripting

Description: Fusetalk SCT Campus Pipeline is the Web platform of choice at over 175 institutions. It improves efficiency, builds community, and provides freedom of choice by integrating disparate systems and applications into a unified whole. SCT Campus Pipeline provides an institution's constituents - students, faculty, administration, and alumni - with centralized Web access to information, services, and communities.

Cross site scripting: when passing a url to the script /cp/render.UserLayoutRootNode.uP?uP_tparam=utf&utf=????? You can easily highjack a users session

Solution: only allow onsite urls. or make specific exceptions for those that arnt

Credits: Credits goto my loving fiance, you push me todo things i never thought possible.

Exploit: This is exploited by passing a foreign url to the utf variable in the http://one.drexel.edu/cp/render.UserLayoutRootNode.uP?uP_tparam=utf <http://one.drexel.edu/cp/render.UserLayoutRootNode.uP?uP_tparam=utf&utf > &utf= script.

Spiffomatic64 Hacking is an art-form