[38325] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Centra 7 XSS Exploit

daemon@ATHENA.MIT.EDU (Clorox)
Tue Apr 12 20:54:31 2005

Date: 12 Apr 2005 19:05:31 -0000
Message-ID: <20050412190531.3412.qmail@www.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: Clorox <elac2k@hotmail.com>
To: bugtraq@securityfocus.com

Centra is a program used by businesses and colleges, it allows users to stream microsoft office and other applications over the web in a nice enviroment with voip options.  However on root directory when you go in to enroll for a session if you create or modify your username, first name, or last name to contain any html code it will be ran.  For instance:

&lt;script&gt;alert("hi");&lt;/script&gt; will result in a popup box that says hi

You can put iframes in the portal to keep people from being able to access the application.  

FIX: Use the cleartext function to strip fields that users have input to.

- Clorox
http://g00ns.com
http://g00ns-forums.com


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[38325] in bugtraq

Centra 7 XSS Exploit

daemon@ATHENA.MIT.EDU (Clorox)Tue Apr 12 20:54:31 2005

daemon@ATHENA.MIT.EDU (Clorox)
Tue Apr 12 20:54:31 2005