SecurityTracker.com

Category:   Application (Forum/Board/Portal)  >   ocPortal
Vendors:   ocportal.com
ocPortal Input Validation Flaws Permit Cross-Site Scripting Attacks
SecurityTracker Alert ID:  1031962
SecurityTracker URL:  http://securitytracker.com/id/1031962
CVE Reference:   CVE-2015-2677
Date:  Mar 23 2015
Impact:   Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Fix Available:  Yes
Vendor Confirmed:  Yes
Exploit Included:  Yes
Version(s): prior to 9.0.17
Description:   A vulnerability was reported in ocPortal. A remote user can conduct cross-site scripting attacks.

Several scripts do not properly filter HTML code from user-supplied input before displaying the input. A remote user can create a specially crafted URL that, when loaded by a target user, will cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the site running the ocPortal software and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

The Events/Calendar, Poll, Forum, and Private Topic components are affected.

Dennis Veninga reported this vulnerability.
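
The flaw class described above is missing output encoding at each place a stored value is displayed, so a regression check has to cover every output sink, not just one view. The following is an added example, not ocPortal code and not part of the original advisory: it renders a probe value into each sink and flags any sink where the probe changes the tag/attribute skeleton of the page. The sink names, templates and probe string are constructed assumptions loosely modelled on the components listed above.

```python
import html
from html.parser import HTMLParser

# Hypothetical output sinks (not ocPortal templates): name -> (template, context).
SINKS = {
    "calendar_tooltip": ('<a href="/event" title="{v}">event</a>', "attr"),
    "active_topics": ("<li>{v}</li>", "text"),
    "admin_edit_form": ('<input name="title" value="{v}">', "attr"),
}

# Constructed probe containing every HTML metacharacter; harmless by itself.
PROBE = 'Launch <b>party</b> "2015" & \'more\''


def encode(value, context):
    # Text nodes need &, < and > encoded; attribute values need quotes as well.
    return html.escape(value, quote=(context == "attr"))


def render(sink, value, encoded):
    """Render one sink, with or without context-appropriate output encoding."""
    template, context = SINKS[sink]
    return template.format(v=encode(value, context) if encoded else value)


class _Shape(HTMLParser):
    """Records the tag/attribute-name skeleton of a fragment, ignoring text."""

    def __init__(self):
        super().__init__()
        self.shape = []

    def handle_starttag(self, tag, attrs):
        self.shape.append((tag, tuple(name for name, _ in attrs)))


def shape(markup):
    parser = _Shape()
    parser.feed(markup)
    parser.close()
    return parser.shape


def injectable_sinks(encoded):
    """Sinks where the probe alters the markup skeleton versus a plain value."""
    return sorted(
        sink for sink in SINKS
        if shape(render(sink, PROBE, encoded)) != shape(render(sink, "x", encoded))
    )


if __name__ == "__main__":
    print("without encoding:", injectable_sinks(encoded=False))
    print("with encoding:   ", injectable_sinks(encoded=True))
```

Comparing parsed structure rather than searching for the raw string also catches attribute-context breakouts, where a stray quote adds attributes without introducing a new tag.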

Impact:   A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the ocPortal software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution:   The vendor has issued a fix (9.0.17).

The vendor's advisory is available at:

http://ocportal.com/site/news/view/new-releases/ocportal-9-0-17-released.htm

Vendor URL:  ocportal.com/site/news/view/new-releases/ocportal-9-0-17-released.htm
Cause:   Input validation error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  ocPortal 9.0.16 Multiple XSS Vulnerabilities

# Exploit Title: ocPortal 9.0.16 Multiple XSS Vulnerabilities
# Google Dork: "Copyright (c) ocPortal 2011 "
# Date: 26-2-2015
# Exploit Author: Dennis Veninga
# Vendor Homepage: http://ocportal.com/
# Vendor contacted: 22-2-2015
# Fix: http://ocportal.com/site/news/view/security_issues/xss-vulnerability-patch.htm
# Version: 9.0.16
# Tested on: Firefox 36 & Chrome 38 / W8.1-x64

ocPortal ->
Version:   		9.0.16
Type:      		XSS
Severity:   		Critical
Info Exploit:  		There are MANY possibilities to execute XSS on the newly released ocPortal.

All XSS attacks are done by a new registered user, so no extra rights are given. It's all standard.

#######################################################
Events/Calendar, vulnerable to XSS attack:
URL:  http://{target}/ocportal/cms/index.php?page=cms_calendar&type=ad
Title & text field, enter XSS code in both fields. Somewhere else the title XSS is executed, and elsewhere the Text/info XSS code is executed.

After entering an XSS attack, mousing over the just-made event on the events page also reproduces an XSS.
URL: http://{target}/ocportal/index.php?page=calendar&type=misc&id=2015-02&view=month
XSS Vulnerability on the events which ALSO affects the Admin Panel, when Admin visits the panel and wants to edit it.
#######################################################

Poll, vulnerable to XSS-attack.
URL: http://{yourwebsite}/ocportal/cms/index.php?page=cms_polls&type=ad
Just fill some XSS-code into the fields. Publish and see the result.
#######################################################

Forum, vulnerable to XSS-attack
URL: http://{target}/ocportal/forum/index.php?page=topics&type=new_topic&id=2

Creating a new topic with all the fields XSS-ed performs the XSS attack when a user is browsing the homepage.
This is happening when the active topics are shown on the index page. 
But on the forum page itself, it isn't working.
#######################################################

New PT (private topic/private message), vulnerable to XSS-attack
URL: http://{target}/ocportal/forum/index.php?page=topics&type=new_pt

Now, because I got a new private message, this XSS is executed everywhere!!
#######################################################
 
 



Copyright 2019, SecurityGlobal.net LLC