what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

iTop Cross Site Scripting

iTop Cross Site Scripting
Posted Jan 23, 2013
Authored by Stephan Rickauer | Site csnc.ch

iTop from Combodo suffers from a cross site scripting vulnerability. All trunk revisions prior to 2589 are affected.

tags | advisory, xss
advisories | CVE-2013-0805
SHA-256 | 90232c5bf04fbe0246837a2afea462fe74f1d981ab58938eec4e281605ec4ef4

iTop Cross Site Scripting

Change Mirror Download
#############################################################
#
# COMPASS SECURITY ADVISORY http://www.csnc.ch/
#
#############################################################
#
# CVE ID : CVE-2013-0805
# CSNC ID: CSNC-2013-001
# Product: iTop
# Vendor: Combodo
# Subject: Cross-site Scripting - XSS
# Risk: High
# Effect: Remotely exploitable
# Author: Stephan Rickauer (stephan.rickauer _at_ csnc.ch)
# Date: January 23rd 2013
#
#############################################################


Introduction:
-------------
Compass Security discovered a security flaw in the iTop web application.


Vulnerable:
-----------
All iTop versions older than:
* trunk revision 2589
* branches/1.2.1, revision 2587
* branches/1.2, revision 2588
* branches/2.0, revision 2590


Not vulnerable:
---------------
unknown


Patches:
--------
Patches have been commited to the SourceForge Trac by the vendor with
respect
to all affected versions. Modified files: pages/UI.php and
pages/run_query.php


Fix:
----
Thoroughly encode all user input properly on output.


Description:
------------
The iTop search feature displays the term entered by the user. However, that
very output of the user's input happens mostly un-encoded. The implemented
mitigation step of only encoding < as part of a script tag is inadequate and
can be easily bypassed. Exploiting this vulnerability will lead to so-called
cross-site scripting (XSS) and allows the impersonation of logged-in iTop
users.


Milestones:
-----------
January 4th, Vulnerability discovered
January 4th, Vendor contact established
January 7th, Vendor provided with technical details
January 7th, Vendor acknowledged issue (support _at_ combodo.com)
January 15th, CVE assigned and vendor notified
January 23rd, Patch committed in all main branches of the iTop project
by vendor
January 23rd, Public release of advisory


References:
-----------
XSS reference:
http://en.wikipedia.org/wiki/Cross-site_scripting
Cross-site scripting (XSS) is a type of computer security vulnerability
typically found in web applications which allow code injection by malicious
web users into the web pages viewed by other users. Examples of such code
include HTML code and client-side scripts. An exploited cross-site scripting
vulnerability can be used by attackers to bypass access controls such as the
same origin policy. Recently, vulnerabilities of this kind have been
exploited
to craft powerful phishing attacks and browser exploits. Cross-site
scripting
was originally referred to as CSS, although this usage has been largely
discontinued.

iTop reference:
http://www.combodo.com/iTop-a-new-generation-of-IT.html

Provided evidence:
- Two screenshots
- XSS attack code
- copy of html page showing unencoded output


Login or Register to add favorites

File Archive:

June 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    0 Files
  • 2
    Jun 2nd
    0 Files
  • 3
    Jun 3rd
    18 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    57 Files
  • 7
    Jun 7th
    6 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    12 Files
  • 11
    Jun 11th
    27 Files
  • 12
    Jun 12th
    38 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close