XSS in Brazilian Insite products
Well, I have found some XSS in Insite products:
Inmail -> As the name says a webmail
Inshop -> Shopping Cart
The XSS problem found could be used to steal user accounts without the
need of a password.
I sent an e-mail a long time ago telling them about this, but I got no
answers and no correction was made, so...
The proof of concept is shown below:
It's important to emphasize that users must be logged on to view this
proof of concept.
But an attacker could also forge a malicious link and send it to the
victim (Inmail) or post a comment on a product (Inshop) that contains
malicious code using HTML and JavaScript.
Proof:
-----------------
Inmail:
http://target/mod_perl/inmail.pl?acao=<<h1>opss!</h1>
For the webmail we need to use two << at the beginning of the first
tag of the XSS. It looks like there is a filter for any tag.
Inshop:
http://hostalvo/mod_perl/inshop.pl?screen=<script>alert(document.cookie);</script>
Thanks and sorry for the bad English.
Carlos
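
Added example, not part of the original post and not vendor code: it contrasts a filter that behaves the way the Inmail one is described (the doubled << survives it) with encoding the parameter on output plus an allowlist check. The filter model, the page fragment and all function names are assumptions; the real Inmail/Inshop code is not shown in the post.

```python
import html
import re

# Constructed inputs: the two parameter values from the proof-of-concept URLs.
POC_INMAIL = "<<h1>opss!</h1>"
POC_INSHOP = "<script>alert(document.cookie);</script>"

# Assumption: action/screen names are short identifiers; anything else is rejected.
SAFE_NAME = re.compile(r"[A-Za-z0-9_]{1,32}")


def naive_filter(value: str) -> str:
    """Hypothetical filter: drops only the first '<' (like Perl s/<// without /g)."""
    return value.replace("<", "", 1)


def render_unsafe(value: str) -> str:
    """Reflects the filtered value into a hypothetical HTML page without encoding."""
    return "<p>Unknown action: " + naive_filter(value) + "</p>"


def render_safe(value: str) -> str:
    """Encodes on output, so the browser displays the value as plain text."""
    return "<p>Unknown action: " + html.escape(value, quote=True) + "</p>"


def validate_name(value: str, default: str = "home") -> str:
    """Allowlist check applied before the parameter selects a screen or action."""
    return value if SAFE_NAME.fullmatch(value) else default


if __name__ == "__main__":
    for poc in (POC_INMAIL, POC_INSHOP):
        print("unsafe:", render_unsafe(poc))
        print("safe:  ", render_safe(poc))
        print("name:  ", validate_name(poc))
```

Output encoding holds no matter how many characters an input filter removes, because the markup characters never reach the browser as markup.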