Xplico 0.5.7 (add.ctp) Remote XSS Vulnerability
Title: Xplico 0.5.7 (add.ctp) Remote XSS Vulnerability
Advisory ID: ZSL-2010-4944
Type: Remote
Impact: Cross-Site Scripting
Risk: (3/5)
Release Date: 02.07.2010
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
[22.06.2010] Vendor informed.
[22.06.2010] Vendor replied.
[24.06.2010] Asked vendor for confirmation.
[24.06.2010] Vendor confirms vulnerability.
[24.06.2010] Asked vendor for status.
[24.06.2010] Vendor replied.
[29.06.2010] Vendor reveals patch release date.
[29.06.2010] Coordinated public advisory.
[2] http://www.exploit-db.com/exploits/14177/
[3] http://www.securityfocus.com/bid/41322
[4] http://packetstormsecurity.org/filedesc/xplico-xss.txt.html
[5] http://securityreason.com/wlb_show/WLB-2010070022
[6] http://xforce.iss.net/xforce/xfdb/60058
[04.07.2010] - Added reference [4] and [5]
[10.07.2010] - Added reference [6]
Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk
Advisory ID: ZSL-2010-4944
Type: Remote
Impact: Cross-Site Scripting
Risk: (3/5)
Release Date: 02.07.2010
Summary
The goal of Xplico is extract from an internet traffic capture the applications data contained. For example, from a pcap file Xplico extracts each email (POP, IMAP, and SMTP protocols), all HTTP contents, each VoIP call (SIP), FTP, TFTP, and so on. Xplico isn’t a network protocol analyzer. Xplico is an open source Network Forensic Analysis Tool (NFAT).Description
Xplico is vulnerable to Cross-Site Scripting vulnerability. An attacker can use the "POST" to take advantage of this vulnerability, injecting code into the web pages viewed by other users.--------------------------------------------------------------------------------
Detecting vulnerabilities
- /opt/xplico/xi/app/views/pols/add.ctp:13
- /opt/xplico/xi/app/views/pols/add.ctp:14
- /opt/xplico/xi/app/views/sols/add.ctp:10
--------------------------------------------------------------------------------
Vendor
Xplico Team - http://www.xplico.orgAffected Version
0.5.7Tested On
GNU/Linux Debian, ApacheVendor Status
[22.06.2010] Vulnerability discovered.[22.06.2010] Vendor informed.
[22.06.2010] Vendor replied.
[24.06.2010] Asked vendor for confirmation.
[24.06.2010] Vendor confirms vulnerability.
[24.06.2010] Asked vendor for status.
[24.06.2010] Vendor replied.
[29.06.2010] Vendor reveals patch release date.
[29.06.2010] Coordinated public advisory.
PoC
xplico_xss.txtCredits
Vulnerability discovered by Maximiliano Soler - <maxi@zeroscience.mk> and Marcos Garcia - <@artsweb>References
[1] http://www.xplico.org/archives/710[2] http://www.exploit-db.com/exploits/14177/
[3] http://www.securityfocus.com/bid/41322
[4] http://packetstormsecurity.org/filedesc/xplico-xss.txt.html
[5] http://securityreason.com/wlb_show/WLB-2010070022
[6] http://xforce.iss.net/xforce/xfdb/60058
Changelog
[02.07.2010] - Initial release[04.07.2010] - Added reference [4] and [5]
[10.07.2010] - Added reference [6]
Contact
Zero Science LabWeb: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk