Xplico 0.5.7 – ‘add.ctp’ Cross-Site Scripting (1)

  • Author: Marcos Garcia & Maximiliano Soler
    Date: 2010-07-02
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/14177/
  • Xplico v0.5.7 (add.ctp) Remote XSS Vulnerability
    
    Title: Xplico v0.5.7 (add.ctp) Remote XSS Vulnerability
    Type: Remote
    Impact: Cross-Site Scripting
    Release Date: 02.07.2010
    Release mode: Coordinated release
    
    Summary
    =======
    
    The goal of Xplico is to extract the application data contained in an internet
    traffic capture. For example, from a pcap file Xplico extracts each email (POP, IMAP,
    and SMTP protocols), all HTTP contents, each VoIP call (SIP), FTP, TFTP, and so on.
    Xplico isn’t a network protocol analyzer. Xplico is an open source Network Forensic
    Analysis Tool (NFAT).
    
    Description
    ===========
    
    Xplico is vulnerable to cross-site scripting. An attacker can use a POST request
    to take advantage of this vulnerability, injecting code into the web pages
    viewed by other users.
    
    --------------------------------------------------------------------------------
    
    Detecting vulnerabilities
    - /opt/xplico/xi/app/views/pols/add.ctp:13
    - /opt/xplico/xi/app/views/pols/add.ctp:14
    - /opt/xplico/xi/app/views/sols/add.ctp:10
    
    --------------------------------------------------------------------------------
    
    
    Vendor
    ======
    
    Xplico Team - http://www.xplico.org
    
    
    Affected Version
    ================
    
    0.5.7
    
    PoC
    ===
    
    - /opt/xplico/xi/app/views/pols/add.ctp:13
    echo $form->input('Pol.name',array('maxlength'=> 50, 'size' => '50','label' => 'Case name'));
    
    
    Attack: Case name=[XSS] (POST)
    
    
    Credits
    =======
    
    Vulnerability discovered by Marcos Garcia (@artsweb) and Maximiliano Soler (@maxisoler).
    
    
    Solution
    ========
    
    Upgrade to Xplico v0.5.8 (http://sourceforge.net/projects/xplico/files/)
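    
    For this class of bug the general mitigation is to validate the case name server-side
    and HTML-encode it whenever it is written back into a page. The sketch below is an
    added example, not Xplico source and not from the advisory authors; the function
    names and the allow-list policy are assumptions.
    
    ```php
    <?php
    // Added illustration; not Xplico source. Function names are hypothetical.
    
    const CASE_NAME_MAX = 50; // matches the 'maxlength' => 50 on the form field
    
    // Server-side allow-list check. The HTML maxlength attribute is only a
    // browser hint, so a hand-built POST can ignore it.
    function is_valid_case_name(string $name): bool
    {
        // Letters, digits, space, dot, underscore, hyphen (assumed policy),
        // between 1 and CASE_NAME_MAX characters.
        $pattern = '/\A[\p{L}\p{N} ._-]{1,' . CASE_NAME_MAX . '}\z/u';
        return preg_match($pattern, $name) === 1;
    }
    
    // Before: the stored value is written into the page as markup.
    function render_case_row_unescaped(string $name): string
    {
        return '<td>' . $name . '</td>';
    }
    
    // After: the value is encoded for an HTML context at output time.
    // In a CakePHP view, the h() helper is a shortcut for htmlspecialchars().
    function render_case_row(string $name): string
    {
        return '<td>' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . '</td>';
    }
    
    // Constructed sample inputs: one ordinary name, one containing markup.
    $samples = ['Office capture 2010-06', 'x"><script>alert(1)</script>'];
    
    foreach ($samples as $name) {
        printf("input:     %s\n", $name);
        printf("valid:     %s\n", is_valid_case_name($name) ? 'yes' : 'no');
        printf("unescaped: %s\n", render_case_row_unescaped($name));
        printf("escaped:   %s\n\n", render_case_row($name));
    }
    ```
    
    Output encoding is the control that closes the hole; the input check only narrows
    what can be stored and should not be relied on alone.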
    
    
    Vendor Status
    =============
    [22.06.2010] Vulnerability discovered.
    [22.06.2010] Vendor informed.
    [22.06.2010] Vendor replied.
    [24.06.2010] Asked vendor for confirmation.
    [24.06.2010] Vendor confirms vulnerability.
    [24.06.2010] Asked vendor for status.
    [24.06.2010] Vendor replied.
    [29.06.2010] Vendor reveals patch release date.
    [29.06.2010] Coordinated public advisory.
    
    
    References
    ==========
    
    [1] http://www.xplico.org/archives/710
    
    
    Changelog
    =========
    
    [02.07.2010] - Initial release
    
    
    Web: http://www.zeroscience.mk
    e-mail: lab@zeroscience.mk