[27374] in bugtraq
XSS in Authoria HR Suite
daemon@ATHENA.MIT.EDU (Max)
Wed Oct 9 19:48:52 2002
Date: Wed, 9 Oct 2002 14:31:08 -0700 (PDT)
From: Max <rusmir@tula.net>
To: bugtraq@securityfocus.com
Message-ID: <Pine.LNX.4.44.0210091422120.28106-100000@sds.disney.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Title:
======
Cross-site scripting vulnerability (XSS) in Authoria HR suite
Vulnerable Application:
=======================
Authoria HR Suite (http://www.authoria.com) is HR information management
application used by many large enterprises.
Details:
========
Due to the unefficient URL filtering, which assumes that if you enclose
something in quites, it will be a string value, it is possible to inject
a javascript in the URL.
The fact that all unknown parameters are passed to string variables inside
<script> tag makes it even easier to exploit.
Demonstration:
==============
https://your.site.com/path.to/cgi-bin/athcgi.exe?command=showpage&script='],[0,0]];alert('Hello%20there!');a=[['
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)
iD8DBQE9pKAg8mCpXsrcXpwRAn09AJ98PCYsK+XkzdZG/BmYz6dK26QhrgCdGg5B
GkqaU/8qIj8/unR8YxEI8Ns=
=TNOO
-----END PGP SIGNATURE-----
