NCH Software Inventoria 3.45 (id param) Reflected Cross-Site Scripting Vulnerability

2014-01-29T00:00:00
ID ZSL-2014-5167
Type zeroscience
Reporter Gjoko Krstic
Modified 2014-01-29T00:00:00

Description

Title: NCH Software Inventoria 3.45 (id param) Reflected Cross-Site Scripting Vulnerability
Advisory ID: ZSL-2014-5167
Type: Local/Remote
Impact: Cross-Site Scripting
Risk: (3/5)
Release Date: 29.01.2014

Summary

Inventoria is a business inventory management and stock control software that allows you to manage and monitor your inventory to help streamline your operations and boost profits.

Description

The application suffers from a reflected XSS issue due to a failure to properly sanitize user-supplied input to the 'id' GET parameter in the 'locdelete' (JSP) script. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session.
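Added example (not from the advisory or the vendor's code): a minimal Python model of the reflection described above, next to two fixes, output encoding and allow-list validation of `id`. The HTML template and all function names are hypothetical, since the advisory does not show the markup that reflects `id`; treating `id` as a short decimal number is an assumption based on the `id=1` form of the advisory's request.

```python
import html
import re
from urllib.parse import urlsplit, parse_qs

# Hypothetical markup: the advisory does not show where 'id' lands in the page.
TEMPLATE = '<form action="/locdelete"><input type="hidden" name="id" value="{id}"></form>'

# Assumption: a location id is a short decimal number.
ID_RE = re.compile(r"[0-9]{1,10}")

# Request taken from the advisory's PoC, used here only as test input.
POC = 'http://zslabws03:1097/locdelete?id=1"><script>alert(document.cookie);</script>'


def id_values(url):
    """Return every 'id' value found in the query string of url."""
    return parse_qs(urlsplit(url).query, keep_blank_values=True).get("id", [])


def render_vulnerable(url):
    """Models the flaw: the raw parameter is copied into an HTML attribute."""
    values = id_values(url)
    return TEMPLATE.format(id=values[0] if values else "")


def render_encoded(url):
    """Fix 1: encode for the output context (a double-quoted attribute)."""
    values = id_values(url)
    return TEMPLATE.format(id=html.escape(values[0] if values else "", quote=True))


def render_hardened(url):
    """Fix 2: reject anything that is not exactly one numeric id, then encode.

    Returns (status, body). Encoding stays in place after validation so the
    output remains safe if the validation rule is loosened later.
    """
    values = id_values(url)
    if len(values) != 1 or not ID_RE.fullmatch(values[0]):
        return 400, "Bad Request"
    return 200, TEMPLATE.format(id=html.escape(values[0], quote=True))


if __name__ == "__main__":
    print(render_vulnerable(POC))   # markup breaks out of the attribute
    print(render_encoded(POC))      # payload rendered as inert text
    print(render_hardened(POC))     # request rejected
```

The same two controls apply regardless of the server-side language: validate `id` against the narrowest type it can have, and encode it for the exact HTML context where it is written.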

Vendor

NCH Software - <http://www.nchsoftware.com>

Affected Version

3.45

Tested On

Microsoft Windows 7 Professional SP1 (EN)

Vendor Status

N/A

PoC

inventoria_xss.txt

Credits

Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>

References

[1] <http://cxsecurity.com/issue/WLB-2014010205>
[2] <http://packetstormsecurity.com/files/124987>
[3] <http://secunia.com/advisories/56681/>
[4] <http://www.securityfocus.com/bid/65250>
[5] <http://osvdb.org/show/osvdb/102686>

Changelog

[29.01.2014] - Initial release
[30.01.2014] - Added reference [2]
[31.01.2014] - Added reference [3], [4] and [5]

Contact

Zero Science Lab

Web: <http://www.zeroscience.mk>
e-mail: lab@zeroscience.mk

NCH Software Inventoria 3.45 (id param) Reflected Cross-Site Scripting Vulnerability


Vendor: NCH Software
Product web page: http://www.nchsoftware.com
Affected version: 3.45

Summary: Inventoria is a business inventory management and stock control
software that allows you to manage and monitor your inventory to help
streamline your operations and boost profits.

Desc: The application suffers from a reflected XSS issue due to a failure
to properly sanitize user-supplied input to the 'id' GET parameter in the
'locdelete' (JSP) script. Attackers can exploit this weakness to execute
arbitrary HTML and script code in a user's browser session.

Tested on: Microsoft Windows 7 Professional SP1 (EN)


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                            @zeroscience


Advisory ID: ZSL-2014-5167
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5167.php


20.01.2014

--


 - http://zslabws03:1097/locdelete?id=1"><script>alert(document.cookie);</script>