I.Vulnerability
FogBugz Cross Site Scripting Vulnerability
II.Vendor
Fog Creek Software (www.fogcreek.com)
III.Affected Systems
- FogBugz (<= 4.029)
IV.About
FogBugz is a complete web based project management system for software
teams. Designed by Joel Spolsky of Joel on Software fame (www.fogcreek.com).
V.Description
An attacker is able to inject HTML and client-side script code into the
FogBugz login page by modifying the dest variable. An example crafted link
can be found below.
VI.Exploit
http://[fogbugz.example.com]/default.asp?pg=pgLogon&dest=[XSS]
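The flaw class and its fix, as an added illustration that is not FogBugz's own code (Python is used so it runs as written). It assumes the login page echoes dest into a hidden form field, which the advisory does not state, and goes one step further than output encoding by also restricting dest to same-site destinations; all function names, DEFAULT_DEST and the sample values are constructed.

```python
import html
from urllib.parse import urlsplit

# Assumption: fallback page used when dest is rejected (hypothetical value).
DEFAULT_DEST = "default.asp"

# Constructed sample: harmless markup that shows whether input reaches the page raw.
SAMPLE_DEST = '"><b>constructed</b>'


def render_login_unsafe(dest: str) -> str:
    """Flaw class: the request value is concatenated into markup verbatim."""
    return '<input type="hidden" name="dest" value="' + dest + '">'


def safe_dest(dest: str) -> str:
    """Accept only a same-site relative destination, else use the fallback."""
    if (not dest or dest != dest.strip() or dest.startswith("//")
            or "\\" in dest or any(ord(c) < 0x20 for c in dest)):
        return DEFAULT_DEST
    try:
        parts = urlsplit(dest)
    except ValueError:  # malformed authority, e.g. a broken IPv6 literal
        return DEFAULT_DEST
    if parts.scheme or parts.netloc:
        return DEFAULT_DEST  # absolute or scheme-relative URL: not same-site
    return dest


def render_login_safe(dest: str) -> str:
    """Validate the destination, then HTML-encode it for the attribute context."""
    value = html.escape(safe_dest(dest), quote=True)
    return f'<input type="hidden" name="dest" value="{value}">'


if __name__ == "__main__":
    print(render_login_unsafe(SAMPLE_DEST))   # markup breaks out of the attribute
    print(render_login_safe(SAMPLE_DEST))     # same input, rendered inert
    print(render_login_safe("https://other.example/"))  # replaced by fallback
```

Encoding at the point of output is what closes the injection; the destination check only limits where a post-login redirect can lead.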
VII.Vulnerability Status
- Vulnerability discovered on 2005-12-11.
- Vendor notified on 2005-12-13.
- Patch released on 2005-12-13.
VIII.Credits
M.Neset KABAKLI, Wakiza Software Technologies (www.wakiza.com).