Re: (ITS#7988) Reflected XSS vulnerability in www.openldap.org
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#7988) Reflected XSS vulnerability in www.openldap.org
- From: hyc@symas.com
- Date: Wed, 26 Nov 2014 21:29:16 +0000
- Auto-submitted: auto-generated (OpenLDAP-ITS)
yann.cam@gmail.com wrote:
> Full_Name: Yann CAM
> Version:
> OS:
> URL: http://www.openldap.org/its/
> Submission from: (NULL) (2a01:e34:edbf:a5d0:845:664b:ce80:cf7b)
>
>
> I'm contacting you to inform you about the presence of a Reflected XSS
> vulnerability on the www.openldap.org main domain.
Thanks for the report, this is now fixed.
>
> Through this vulnerability, an attacker could tamper with page rendering,
> redirect victims to fake OpenLDAP pages, or capture users' data.
>
> This reflected XSS is on the GET "id" variable of the current "JitterBug" tracker,
> which is not properly sanitized before being used in its page.
>
> The JitterBug tracker project seems to be suspended
> (https://www.samba.org/cgi-bin/jitterbug/); this vulnerability isn't specific to
> your bug tracker. I have just opened a ticket to report this vulnerability to the
> samba-jitterbug maintainers (https://bugzilla.samba.org/show_bug.cgi?id=10967).
>
> Proof of Concept, tested with Firefox 33.1.1 (screenshot in attachment):
>
> http://www.openldap.org/its/index.cgi/Documentation?id=1337</TITLE><img
> src=x onerror="alert(/Reflected XSS - Yann CAM @ASAfety/)"
> /><TITLE>;selectid=1337
>
> Screenshots available:
>
> http://www.asafety.fr/data/20141126-RXSS_openldap.org_synetis_001.png
> http://www.asafety.fr/data/20141126-RXSS_openldap.org_synetis_002.png
>
> Feel free to contact me for more information,
>
> Best regards,
>
> Yann CAM - Security Consultant @ASafety - Synetis - www.synetis.com
>
>
--
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/
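As an added illustration (not JitterBug's code and not part of this thread), the following Python models the defect the report describes, an "id" query value copied verbatim into the page's TITLE element so that a "</TITLE>" in it breaks out into markup, next to the two fixes a maintainer would apply: reject anything that is not a ticket number, and HTML-escape every reflected value on output. The renderer, the helper names and the simplified payload string are constructed for the example.

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

# Constructed to mirror the reported request: the "id" value carries a closing
# </TITLE> followed by an element the browser would render (alert body simplified).
REPORTED_URL = ('http://www.openldap.org/its/index.cgi/Documentation'
                '?id=1337</TITLE><img src=x onerror="alert(1)" /><TITLE>;selectid=1337')


def id_from_url(url: str) -> str:
    """Extract the first 'id' query value, URL-decoded, as a CGI would see it."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return query.get("id", [""])[0]


def render_title_unsafe(ticket_id: str) -> str:
    """Models the defect: the untrusted id is interpolated into <TITLE> as-is."""
    return f"<TITLE>ITS#{ticket_id}</TITLE>"


def escape_only(value: str) -> str:
    """Output encoding alone: <, >, &, quotes become entities, so no tag can form."""
    return html.escape(value, quote=True)


def render_title_safe(ticket_id: str) -> str:
    """Fixed renderer: validate the id as a ticket number, then escape it anyway."""
    if not re.fullmatch(r"[0-9]{1,9}", ticket_id):
        raise ValueError("id must be a ticket number")
    return f"<TITLE>ITS#{escape_only(ticket_id)}</TITLE>"


def breaks_out_of_title(fragment: str) -> bool:
    """Detection check for a rendered fragment: more than one </TITLE> means the
    parameter closed the element early and injected its own markup."""
    return fragment.upper().count("</TITLE>") > 1


if __name__ == "__main__":
    raw = id_from_url(REPORTED_URL)
    print("unsafe breaks out:", breaks_out_of_title(render_title_unsafe(raw)))
    print("escaped value:", escape_only(raw))
    print("safe render of a real id:", render_title_safe("1337"))
```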