[ https://issues.apache.org/jira/browse/OFBIZ-2747?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12733929#action_12733929 ]

Alexandre Mazari commented on OFBIZ-2747:
-----------------------------------------

Hi David,

As stated above, I am running the latest SVN trunk as of 22 July. The URL provided
by Scott Gray suffers from this issue.
In most, if not all, browsers the injected code isn't interpreted, but browser
vendors may differ in their parsing rules.


Try this for some fun:
http://demo.ofbiz.org/ecommerce/control/main/?%22/%3E%3Cscript%3Ealert%28%27Oops%27%29;%3C/script%3E%3Cinput


On Firefox 3.5, the script is interpreted.
WebKit seems to check request parameters for JavaScript: "Refused to execute a
JavaScript script. Source code of script found within request."


> Security :  The remote web server is prone to cross-site scripting attacks.
> ---------------------------------------------------------------------------
>
>                 Key: OFBIZ-2747
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-2747
>             Project: OFBiz
>          Issue Type: Bug
>          Components: specialpurpose/ecommerce
>    Affects Versions: SVN trunk
>            Reporter: Alexandre Mazari
>            Priority: Critical
>
> The pollbox seems to be subject to request argument injection, without any
> stripping of HTML tags (e.g. <script>).
> Nessus scan log :
> Web Server Generic XSS
> Synopsis :
> The remote web server is prone to cross-site scripting attacks.
> Description :
> The remote host is running a web server that fails to adequately
> sanitize request strings of malicious JavaScript. By leveraging this
> issue, an attacker may be able to cause arbitrary HTML and script code
> to be executed in a user's browser within the security context of the
> affected site.
> See also :
> http://en.wikipedia.org/wiki/Cross-site_scripting
> Solution :
> Contact the vendor for a patch or upgrade.
> Risk factor :
> Medium / CVSS Base Score : 4.3
> (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
> Plugin output :
> The request string used to detect this flaw was :
> /?<script>cross_site_scripting.nasl</script>
> The output was :
> HTTP/1.1 200 OK
> Server: Apache-Coyote/1.1
> X-Powered-By: JSP/2.1
> Set-Cookie: OFBiz.Visitor=12065; Expires=Wed, 21-Jul-2010 21:31:20 GMT; Path=/
> Content-Type: text/html;charset=UTF-8
> Transfer-Encoding: chunked
> Date: Tue, 21 Jul 2009 21:31:19 GMT
> [...]
> <h3>Mouse Hand Poll</h3>
> <div class="screenlet-body">
> <form method="post" action="/control/minipoll/main" style="margin: 0;">
> <input type="hidden" name="<script>cross_site_scripting.nasl</script>" 
> value=""/>
> <input type="hidden" name="surveyId" value="1004"/>
> <table width="100%" border="0" cellpadding="2" cellspacing="0">
> [...]
> CVE : CVE-2002-1060, CVE-2003-1543, CVE-2005-2453, CVE-2006-1681
> BID : 5305, 7344, 7353, 8037, 14473, 17408
> Other references : OSVDB:4989, OSVDB:18525, OSVDB:24469, OSVDB:42314
> Nessus ID : 10815

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
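The two probes in this thread behave differently for the reason the comment hints at: the Nessus string lands inside a quoted attribute value, where a spec-compliant parser treats it as text, while the `%22/%3E` payload closes the attribute and the `<input>` element first, so the `<script>` that follows becomes a real element. The following is an added example, not OFBiz code: a toy renderer that reproduces the quoted minipoll output (every request parameter echoed into a hidden input, names and values written verbatim), the same renderer with attribute encoding, and a parser-based check that reports which hidden inputs and script elements a response actually contains. The form markup is copied from the quoted response; the function names and the "1004" survey id default are assumptions for illustration.

```python
"""Model of the reflected XSS in the OFBiz minipoll screenlet (OFBIZ-2747).

Added example, not OFBiz code: a toy renderer that reproduces the quoted
behaviour (every request parameter echoed into a hidden input) next to a
hardened version, plus a parser check that shows which probe actually yields
a <script> element.
"""
import html
from html.parser import HTMLParser
from urllib.parse import unquote_plus, urlsplit

# Constructed inputs copied from the issue: the Nessus probe and the URL
# reported to pop an alert in Firefox 3.5.
NESSUS_PROBE = "/?<script>cross_site_scripting.nasl</script>"
FIREFOX_PAYLOAD = ("/ecommerce/control/main/?%22/%3E%3Cscript%3Ealert%28%27Oops%27%29;"
                   "%3C/script%3E%3Cinput")


def request_params(url):
    """Decode the query string into (name, value) pairs the way a servlet
    container would: percent-decoded, '+' as space, blank values kept."""
    params = []
    for pair in urlsplit(url).query.split("&"):
        if pair:
            name, _, value = pair.partition("=")
            params.append((unquote_plus(name), unquote_plus(value)))
    return params


def _minipoll(params, survey_id, escape):
    """Shared form markup (copied from the quoted response); `escape`
    decides what happens to attribute values."""
    lines = ['<form method="post" action="/control/minipoll/main" style="margin: 0;">']
    for name, value in params:  # carry every request parameter through the POST
        lines.append('<input type="hidden" name="%s" value="%s"/>'
                     % (escape(name), escape(value)))
    lines.append('<input type="hidden" name="surveyId" value="%s"/>' % escape(survey_id))
    lines.append("</form>")
    return "\n".join(lines)


def render_minipoll_vulnerable(params, survey_id="1004"):
    """Reproduces the quoted output: parameter names are written into the
    attribute verbatim, so '"' closes the attribute and '/>' the element."""
    return _minipoll(params, survey_id, escape=lambda s: s)


def render_minipoll_hardened(params, survey_id="1004"):
    """Same markup with attribute encoding: '&', '<', '>', '"' and "'" become
    character references, so a value can never leave its attribute."""
    return _minipoll(params, survey_id, escape=lambda s: html.escape(s, quote=True))


class _FormAudit(HTMLParser):
    """Records hidden-input names and <script> bodies as a spec-style HTML
    parser sees them: the check a scanner applies to the response."""

    def __init__(self):
        super().__init__()
        self.hidden_names = []
        self.scripts = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
            self.scripts.append("")
        elif tag == "input" and ("type", "hidden") in attrs:
            # attribute values arrive already entity-decoded
            self.hidden_names.append(dict(attrs).get("name"))

    def handle_data(self, data):
        if self._in_script:
            self.scripts[-1] += data

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False


def audit(page):
    """Return (hidden input names, script bodies) found in a rendered page."""
    parser = _FormAudit()
    parser.feed(page)
    parser.close()
    return parser.hidden_names, parser.scripts


if __name__ == "__main__":
    for label, url in (("Nessus probe", NESSUS_PROBE), ("Firefox payload", FIREFOX_PAYLOAD)):
        params = request_params(url)
        for renderer in (render_minipoll_vulnerable, render_minipoll_hardened):
            names, scripts = audit(renderer(params))
            print(f"{label:16} {renderer.__name__:26} scripts={scripts} hidden={names}")
```

Run stand-alone, the vulnerable renderer yields no script element for the Nessus probe but one for the `"/>` payload, which is why a scanner hit and a working exploit are not the same thing; the hardened renderer yields none for either, and the audit shows the encoded name decoding back to the original parameter name, so encoding loses no data. This is a whitelist-free fix: the page does not need to strip `<script>`, it needs to encode every value it writes into an attribute.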
