ocPortal 9.0.16 Cross Site Scripting
Posted Mar 9, 2015
Authored by Dennis Veninga

ocPortal version 9.0.16 suffers from multiple cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
MD5 | b5929b5ae8aa78559e6a5ed359bffdbc

# Exploit Title: ocPortal 9.0.16 Multiple XSS Vulnerabilities
# Google Dork: "Copyright (c) ocPortal 2011 "
# Date: 26-2-2015
# Exploit Author: Dennis Veninga
# Vendor Homepage: http://ocportal.com/
# Vendor contacted: 22-2-2015
# Fix: http://ocportal.com/site/news/view/security_issues/xss-vulnerability-patch.htm
# Version: 9.0.16
# Tested on: Firefox 36 & Chrome 38 / W8.1-x64

ocPortal ->
Version: 9.0.16
Type: XSS
Severity: Critical
Info Exploit: There are MANY ways to execute XSS on the newly released ocPortal.

All XSS attacks are performed as a newly registered user, so no extra rights are needed. It's all standard.

#######################################################
Events/Calendar, vulnerable to XSS attack:
URL: http://{target}/ocportal/cms/index.php?page=cms_calendar&type=ad
Title and text fields: enter XSS code in both. The title XSS is executed in one place, and the text/info XSS is executed in another.

After an XSS attack has been entered, hovering the mouse over the newly created event on the events page also triggers an XSS.
URL: http://{target}/ocportal/index.php?page=calendar&type=misc&id=2015-02&view=month
The XSS vulnerability in events ALSO affects the Admin Panel, when the Admin visits the panel and wants to edit the event.
#######################################################

Poll, vulnerable to XSS-attack.
URL: http://{yourwebsite}/ocportal/cms/index.php?page=cms_polls&type=ad
Just enter some XSS code into the fields, publish, and see the result.
#######################################################

Forum, vulnerable to XSS-attack
URL: http://{target}/ocportal/forum/index.php?page=topics&type=new_topic&id=2

Creating a new topic with XSS in all the fields triggers the XSS attack when a user browses the homepage.
This happens when the active topics are shown on the index page.
On the forum page itself, however, it does not work.
#######################################################

New PT (private topic/private message), vulnerable to XSS-attack
URL: http://{target}/ocportal/forum/index.php?page=topics&type=new_pt

Now, because I got a new private message, this XSS is executed everywhere!!
#######################################################
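
The advisory shows one stored field being rendered in several places: the month view, its mouse-over tooltip, listings on other pages, and the admin edit form. As an added example, not taken from ocPortal's code or its patch, the following PHP encodes stored values at every output point; the record layout and the `h()` and `render_*` function names are hypothetical.

```php
<?php
declare(strict_types=1);

// Encode for HTML text nodes and quoted attribute values.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical stored event, as submitted by an ordinary member.
// Constructed sample: harmless text that contains every HTML metacharacter.
$event = [
    'title' => 'Team "lunch" <b>& more</b>',
    'text'  => "Bring <i>cutlery</i> & 'plates'",
];

// Sink 1: month view. Title is link text, text is the mouse-over tooltip.
function render_month_cell(array $e): string
{
    return '<a href="#" title="' . h($e['text']) . '">' . h($e['title']) . '</a>';
}

// Sink 2: listing on another page (for example a front-page block).
function render_listing_item(array $e): string
{
    return '<li>' . h($e['title']) . '</li>';
}

// Sink 3: staff edit form. Stored values go back into form controls.
function render_edit_form(array $e): string
{
    return '<input name="title" value="' . h($e['title']) . '">'
         . '<textarea name="text">' . h($e['text']) . '</textarea>';
}

foreach (['render_month_cell', 'render_listing_item', 'render_edit_form'] as $sink) {
    $html = $sink($event);
    // Stored markup must never reach the page as live tags in any sink.
    if (strpos($html, '<b>') !== false || strpos($html, '<i>') !== false) {
        throw new RuntimeException("$sink emitted unescaped stored markup");
    }
    // An unescaped double quote from the data would end the attribute early.
    if (strpos($html, '"lunch"') !== false) {
        throw new RuntimeException("$sink emitted an unescaped quote");
    }
    echo $sink, ': ', $html, PHP_EOL;
}
```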
