SecurityTracker.com
Category:   Application (Commerce)  >   Apache OFBiz
Vendors:   Apache Software Foundation
OFBiz Input Validation Hole Permits Cross-Site Scripting Attacks
SecurityTracker Alert ID:  1017360
SecurityTracker URL:  http://securitytracker.com/id/1017360
CVE Reference:   CVE-2006-6587
Updated:  May 22 2008
Original Entry Date:  Dec 11 2006
Impact:   Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Vendor Confirmed:  Yes
Exploit Included:  Yes
Version(s): revision 469895
Description:   A vulnerability was reported in OFBiz. A remote user can conduct cross-site scripting attacks.

The forum function does not properly filter HTML code from user-supplied input in the message before displaying the input. A remote user can submit a specially crafted message that, when viewed by a target user, will cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the site running the OFBiz software and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

Ēriks Dobelis reported this vulnerability.

Impact:   A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the OFBiz software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution:   No solution was available at the time of this entry.
Vendor URL:  incubator.apache.org/ofbiz/
Cause:   Input validation error
Underlying OS:  Linux (Any), UNIX (AIX), Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  [Full-disclosure] (no subject)

Open source ERP and e-commerce package OFBIZ has an XSS vulnerability in
the forum functionality. This was initially posted on Ofbiz JIRA issue
tracking system (https://issues.apache.org/jira/browse/OFBIZ-178) on
22/Aug/06.

I last verified it in revision 469895 (1/Nov/06), and it was still
present. As far as I know (and from activity on JIRA) nothing has changed.

Repeating the vulnerability is straightforward:
1) Install OFBIZ;
2) Disable JavaScript in browser;
3) Log in and browse to forum (with default install you will see Browse
Forums/Gizmos on the left side);
4) Post a message like <script>alert('XSS vulnerability test');</script>
5) Enable JavaScript;

So if you are a customer going to some vendor's OFBIZ site, don't go to
Forums section as you might be affected (if your JavaScript is enabled).
If you are using OFBIZ for your e-commerce site, disable all forum
functionality until the vulnerability is fixed.

Ēriks Dobelis
http://www.biti.lv/
