[Openpacket-devel] OpenPacket.org casual browsing
Brought to you by:
crazy_j,
taosecurity
Menu
▾
▴
[Openpacket-devel] OpenPacket.org casual browsing
|
From: Richard B. <tao...@gm...> - 2007-12-20 01:11:00
|
Hi Sharri, I was doing some casual browsing of OpenPacket.org and encountered a few issues: 1. From http://beta.openpacket.org:8080/post/showthread/6 clicking on Latest Posts http://beta.openpacket.org:8080/post/latest produced We're sorry, but something went wrong. We've been notified about this issue and we'll take a look at it shortly. 2. On the same page, clicking on Most Viewed http://beta.openpacket.org:8080/post/mostviewed produced the same error. 3. On the same page, clicking on Search http://beta.openpacket.org:8080/post/search produced The page you were looking for doesn't exist. You may have mistyped the address or the page may have moved. 4. When I post a reply to a Forum message, I see this warning: Note: These forums are unmoderated but any posts deemed offensive will be promptly removed. Thank you for your cooperation. I thought the Forum Manager link in the Admin Menu might do it http://beta.openpacket.org:8080/forum_manager/list but I got this error: The page you were looking for doesn't exist. You may have mistyped the address or the page may have moved. 5. It looks like the user registration process is vulnerable to XSS. I noticed that when visiting the Manage Users link at http://beta.openpacket.org:8080/user_manager/list I got two results indicating XSS: <tr> <td><ScRiPt >alert(831501365);</ScRiPt></td> <td>111...@ad... 111...@ad...</td> <td>111...@ad...</td> <td>Registered User</td> <td><a href="/user_manager/edit/22">Edit</a></td> <td><a href="/user_manager/destroy/22" onclick="if (confirm('Are you sure?')) { var f = document.createElement('form'); f.style.display = 'none'; this.parentNode.appendChild(f); f.method = 'POST'; f.action = this.href;f.submit(); };return false;">Destroy</a></td> </tr> and <tr> <td>111...@ad...</td> <td>111...@ad... 111...@ad...</td> <td><ScRiPt >alert(1651137805);</ScRiPt></td> <td>Registered User</td> <td><a href="/user_manager/edit/23">Edit</a></td> <td><a href="/user_manager/destroy/23" onclick="if (confirm('Are you sure?')) { var f = document.createElement('form'); f.style.display = 'none'; this.parentNode.appendChild(f); f.method = 'POST'; f.action = this.href;f.submit(); };return false;">Destroy</a></td> </tr> 6. I tried uploading a trace with DNS traffic to the capture repo. I got this error: 4 errors prohibited this capture from being saved There were problems with the following fields: * Content type can't be blank * Size is not included in the list * Size can't be blank * Filename can't be blank I provided this for the Tshark field: =================================================================== Protocol Hierarchy Statistics Filter: frame frame frames:6 bytes:612 eth frames:6 bytes:612 ip frames:6 bytes:612 udp frames:6 bytes:612 dns frames:6 bytes:612 =================================================================== I left the tags blank. Can we have the tags auto-populate based on the results of the Tshark output? Thanks a lot Sharri! Sincerely, Richard |
