XSS Vulnerability

This is the place to report bugs and get support. When posting in this forum, please always provide as much detail as possible.

Please do not report problems with a custom build or custom code in this forum. If you are producing your own build from the source code and have problems or questions, ask in the developer forum, do not report it as a bug.

3/23/2009 1:21:19 PM
Total Posts 58

XSS Vulnerability

I ran Acunetix Web Vulnerability scanner (Free Edition) against my website.  I'm running version 2.2.5.8 MSSQL of mojoPortal.  Here is the vulnerability that it found.  I'm getting ready to do an upgrade.  Is this fixed already?  Is there a configuration change I can make to help this?

This vulnerability affects /default.aspx.

The GET variable skin has been set to 1%00"'><ScRiPt%20%0a%0d>alert(399555784182)%3B</ScRiPt>.
 

3/23/2009 1:35:51 PM
Total Posts 18444

Re: XSS Vulnerability

Is there more information about how this can be exploited or what the supposed vulnerability is?

Nothing in your post shows me a vulnerability. You'll have to be more clear on proving a vulnerability exists. What steps to exploit it?

The parameter skin in a get request can set the skin if it points to a skin that exists. If you are saying that somehow script can be injected into the page with this param I need to see proof of it. Show me how to construct a URL that fires that alert and I'll believe you.

Best,

Joe

3/23/2009 1:48:05 PM
Total Posts 58

Re: XSS Vulnerability

http://www.aaronstanleyking.com/default.aspx?skin=1%00'"><ScRiPt%20%0a%0d>alert(403326057258)%3B</ScRiPt>

I'm not sure if that will get filtered out or not so I emailed you.  Users should try this on their sites to see what I'm talking about.

3/23/2009 1:49:20 PM
Total Posts 58

Re: XSS Vulnerability

Overall, I think only having one vulnerability on such a complex web portal product is way freakin' cool.   I just don't know how easy it is to fix?

3/23/2009 1:52:42 PM
Total Posts 18444

Re: XSS Vulnerability

Hi Aaron,

Thanks for reporting this. I'm running that scanner now and will put out a fix for this asap.

Best,

Joe 

3/23/2009 2:59:13 PM
Total Posts 18444

Re: XSS Vulnerability

I have fixed this here and plan to package a new release of mojoPortal tomorrow.

I think the worst case scenario of this vulnerability is the possibility of crafting a link that could steal a user's session cookie and the attacker could then have the same privileges as the user who was attacked. The attacker would have to manage to get the user to click the link somehow from an email or other web site, and the user would have to already be logged into the mojoPortal site for this to work.

Nevertheless, with any security vulnerability I think it's best to get a fix out right away.

Thanks again for reporting it.

Joe

3/23/2009 9:23:28 PM
Total Posts 33
www.jaosobne.cz
Windows Server 2008 R2
Microsoft SQL Server 2008
MojoPortal 2.3.6.2

Re: XSS Vulnerability

It would be way better if anyone, who finds any vulnerability, reported it to Joe by e-mail. It is not really a good idea to publish it and wait for it to be fixed. This puts anyone's mojoPortal installation at risk.

Anyway, Joe, thanks for your really quick response. ;-)

3/24/2009 11:13:56 AM
Total Posts 18444

Re: XSS Vulnerability

This is now fixed in version 2.2.9.6

Thanks,

Joe 
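
An added example, not part of the thread and not mojoPortal's code or its actual fix (the thread does not show the fix): one way to handle a `skin` query parameter so that a value like the scanner's never reaches the markup. `SkinResolver`, the skin names and the `/skins/<name>/style.css` path are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Text.RegularExpressions;

// Added example; not mojoPortal code. SkinResolver, InstalledSkins and
// DefaultSkin are hypothetical names used for illustration.
public static class SkinResolver
{
    // Assumption: the set of installed skins is known server-side
    // (for example, enumerated from the skins folder at startup).
    private static readonly HashSet<string> InstalledSkins =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        { "default", "dark", "print" };

    private const string DefaultSkin = "default";

    // Conservative shape check: short, letters/digits/dash/underscore only.
    private static readonly Regex SafeName =
        new Regex(@"\A[A-Za-z0-9_-]{1,64}\z", RegexOptions.CultureInvariant);

    // Returns a skin name that is safe to use in a path or markup.
    // Anything that is not an exact match for an installed skin is
    // replaced by the default; the raw value is never echoed.
    public static string Resolve(string requested)
    {
        if (string.IsNullOrEmpty(requested)) return DefaultSkin;
        if (!SafeName.IsMatch(requested)) return DefaultSkin;
        return InstalledSkins.Contains(requested) ? requested : DefaultSkin;
    }

    // Defence in depth: encode at the point of output even though the
    // value has already been allowlisted.
    public static string StylesheetTag(string requested)
    {
        string skin = WebUtility.HtmlEncode(Resolve(requested));
        return "<link rel=\"stylesheet\" href=\"/skins/" + skin + "/style.css\" />";
    }

    public static void Main()
    {
        // Constructed input: the scanner's value from the report, URL-decoded.
        string scanned = "1\0\"'><ScRiPt \n\r>alert(399555784182);</ScRiPt>";
        Console.WriteLine(StylesheetTag(scanned)); // falls back to the default skin
        Console.WriteLine(StylesheetTag("dark"));  // installed skin is accepted
    }
}
```

The allowlist decides what is accepted; the encoding step only guards against a future change that lets an unexpected value through.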
