exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

olms-xss.txt

olms-xss.txt
Posted Jul 7, 2007
Authored by A. R.

The web-based Oliver Library Management System is susceptible to cross site scripting vulnerabilities.

tags | exploit, web, vulnerability, xss
SHA-256 | 00c46461ed5f37a07dd624fc9d7512c75ad44376b3b43feae859f9786732add8

olms-xss.txt

Change Mirror Download
BACKGROUND
==========
"Oliver is the web-based Library Management System for Schools. Softlink
has built on the understanding of thousands of school clients, over many
years, and has designed a new system for school libraries and learning
resource centres in the 21st century"
-- from http://www.softlink.co.uk:


DETAILS
=======
During a penetration test for an educational institution, several XSS
vulnerabilities were found in their Oliver installations. Due to the
test constraints it was not possible to ascertain the exact version of
the product, but all instances that have been tested have been found
trivially vulnerable

Some of the vulnerable input fields include:

1) GET parameters
http://www.victim.com/oliver/gateway/gateway.exe?X_=000f&application=Oliver&displayform=main&updateform="><script>alert("XSS");</script>
http://www.victim.com/oliver/gateway/gateway.exe?X_=000f&displayform=main"><script>alert("XSS");</script>

2) POST parameters in search forms
In the Basic Search page, the following parameters are vulnerable:
- TERMS
- database
- srchad
- SuggestedSearch
- searchform

As a Proof-Of-Concept exploit, the following string can be appended to
any of the listed parameters:
"><script>alert("xss");</script>

3) Username login field:
The application also fails to properly filter the username parameter, as
can be seen when passing to the application the following string as
username:

--><script>alert("xss")</script>



VENDOR RESPONSE
===============
15/06/2007 Vendor contacted. No response received
25/06/2007 Vendor contacted for the second time. No response received
03/07/2007 Advisory published

Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close