[ postfixadmin-Bugs-2905599 ] wapity found XSS in login.php
Brought to you by:
christian_boltz,
gingerdog
From: SourceForge.net <no...@so...> - 2009-11-29 21:30:52
|
Bugs item #2905599, was opened at 2009-11-29 11:39 Message generated for change (Comment added) made by christian_boltz You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937964&aid=2905599&group_id=191583 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Core Group: v 2.3 Status: Open Resolution: None Priority: 5 Private: No Submitted By: https://www.google.com/accounts () Assigned to: Nobody/Anonymous (nobody) Summary: wapity found XSS in login.php Initial Comment: Penetration tests with Wapity 1.6 found a XSS vulnerability in login.php. Site is running version 2.3. on https. . dani@danici:~$ wapiti https://postfixadmin-server/pfadm Wapiti-1.1.6 (wapiti.sourceforge.net) .... Attacking urls (GET)... ----------------------- Attacking forms (POST)... ------------------------- Found XSS in https://postfixadmin-server/pfadm/users/login.php with params = lang=on&fUsername=%3Cscript%3Evar+wapiti_68747470733a2f2f6272756767652e7479646e65742e6f72672f706661646d2f75736572732f6c6f67696e2e706870_66557365726e616d65%3Dnew+Boolean%28%29%3B%3C%2Fscript%3E&fPassword=on&submit=Login coming from https://postfixadmin-server/pfadm/users/login.php ---------------------------------------------------------------------- >Comment By: Christian Boltz (christian_boltz) Date: 2009-11-29 22:30 Message: I just read the code and can't follow you. The only result I get is a message that my username or password is wrong (as expected), but the script tag is not included anywhere AFAIK. Can you give some details how to exploit this without using wapity? ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=937964&aid=2905599&group_id=191583 |