exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

kereval.phpgroup.txt

kereval.phpgroup.txt
Posted Jul 4, 2003
Authored by Francois SORIN | Site kereval.com

Kereval Security Advisory KSA-003 - Cross Site Scripting vulnerabilities exist in Phpgroupware very 0.9.14.003.

tags | exploit, vulnerability, xss
SHA-256 | 115009ff8f21003689ec49c463c4c30c56eedbbdb2ef2b35c538dd0cec9fc89c

kereval.phpgroup.txt

Change Mirror Download
=================================================

Kereval Security Advisory [KSA-003]



Cross Site Scripting Vulnerability in Phpgroupware

=================================================

PROGRAM: Phpgroupware
HOMEPAGE: http://www.phpgroupware.org/
VULNERABLE VERSIONS: 0.9.14.003
RISK: Low/Medium
IMPACT: CSS
RELEASE DATE: 2003-07-02

=================================================
TABLE OF CONTENTS
=================================================

1..........................................................DESCRIPTION
2..............................................................DETAILS
3.............................................................EXPLOITS
4............................................................SOLUTIONS
5...........................................................WORKAROUND
6..................................................DISCLOSURE TIMELINE
7..............................................................CREDITS
8...........................................................DISCLAIMER
9...........................................................REFERENCES
10............................................................FEEDBACK

1. DESCRIPTION
=================================================

"phpGroupWare (formerly known as webdistro) is a multi-user groupware
suite written in PHP.

It provides a Web-based calendar, todo-list, addressbook, email, news
headlines, and a file manager. The calendar supports repeating events.
The email system supports inline graphics and file attachments.

The system as a whole supports user preferences, themes, user
permissions, multi-language support, an advanced API, and user
groups."

(direct quote from http://www.phpgroupware.org)


2. DETAILS
=================================================

¤ Cross Site Scripting :

Many exploitable bugs was found in Phpgroupware which cause script
execution on client's computer by following a crafted url.

This kind of attack known as "Cross-Site Scripting Vulnerability"
is present in many section of the web site, an attacker can input
specially crafted links and/or other malicious scripts.


3. EXPLOIT
=================================================

¤ Cross Site Scripting :

Affected modules : all the additionnal modules with forms.

Ex :

http://[target]/addressbook/index.php?

You can add a contact and put <script>alert();</script> in the name or
surname. If you put something in the contact label the script is
executed at this level.

A dialog box is oppened on the client browser.


4. SOLUTIONS
=================================================

¤ Cross Site Scripting :
Use the function php eregi_replace to filter the input data.


5. WORKAROUND
=================================================

The phpgroupware team will correct these issues in the next release.


6. DISCLOSURE TIMELINE
=================================================

06/24/2003 Vendor notified
06/25/2003 Vendor response and solutions
07/01/2003 Vendor authorisation
07/01/2003 Security Corporation clients notified
07/02/2003 Public disclosure


7. CREDITS
=================================================

Discovered by Fran├žois SORIN <francois.sorin@security-corporation.com>


8. DISLAIMER
=================================================

The information within this paper may change without notice. Use of
this information constitutes acceptance for use in an AS IS condition.
There are NO warranties with regard to this information. In no event
shall the author be liable for any damages whatsoever arising out of
or in connection with the use or spread of this information. Any use
of this information is at the user's own risk.


9. REFERENCES
=================================================

- http://www.security-corporation.com/articles-20030702-005.html


10. FEEDBACK
=================================================

Please send suggestions, updates, and comments to:

Kereval
Immeuble Le Gallium
80, avenue des Buttes de Coesmes
35700 RENNES - FRANCE
info@kereval.com


Login or Register to add favorites

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close