Xplico 0.5.7 - 'add.ctp' Cross-Site Scripting (1)

EDB-ID:

14177

CVE:

N/A

EDB Verified:

Author:

Marcos Garcia & Maximiliano Soler

Type:

webapps

Exploit:   /  

Platform:

Linux

Date:

2010-07-02

Vulnerable App: 
Xplico v0.5.7 (add.ctp) Remote XSS Vulnerability

Title: Xplico v0.5.7 (add.ctp) Remote XSS Vulnerability
Type: Remote
Impact: Cross-Site Scripting
Release Date: 02.07.2010
Release mode: Coordinated release

Summary
=======

The goal of Xplico is extract from an internet traffic capture the applications
data contained. For example, from a pcap file Xplico extracts each email (POP, IMAP,
and SMTP protocols), all HTTP contents, each VoIP call (SIP), FTP, TFTP, and so on.
Xplico isn’t a network protocol analyzer. Xplico is an open source Network Forensic
Analysis Tool (NFAT).

Description
===========

Xplico is vulnerable to Cross-Site Scripting vulnerability. An attacker can use the
"POST" to take advantage of this vulnerability, injecting code into the web pages
viewed by other users.

--------------------------------------------------------------------------------

Detecting vulnerabilities
- /opt/xplico/xi/app/views/pols/add.ctp:13
- /opt/xplico/xi/app/views/pols/add.ctp:14
- /opt/xplico/xi/app/views/sols/add.ctp:10

--------------------------------------------------------------------------------


Vendor
======

Xplico Team - http://www.xplico.org


Affected Version
================

0.5.7

PoC
===

- /opt/xplico/xi/app/views/pols/add.ctp:13
echo $form->input('Pol.name',  array('maxlength'=> 50, 'size' => '50','label' => 'Case name'));


Attack: Case name=[XSS] (POST)


Credits
=======

Vulnerability discovered by Marcos Garcia (@artsweb) and Maximiliano Soler (@maxisoler).


Solution
========

Upgrade to Xplico v0.5.8 (http://sourceforge.net/projects/xplico/files/)


Vendor Status
=============
[22.06.2010] Vulnerability discovered.
[22.06.2010] Vendor informed.
[22.06.2010] Vendor replied.
[24.06.2010] Asked vendor for confirmation.
[24.06.2010] Vendor confirms vulnerability.
[24.06.2010] Asked vendor for status.
[24.06.2010] Vendor replied.
[29.06.2010] Vendor reveals patch release date.
[29.06.2010] Coordinated public advisory.


References
==========

[1] http://www.xplico.org/archives/710


Changelog
=========

[02.07.2010] - Initial release


Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services