usd250 helpdesk XSS vulnerabily.

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: usd250 helpdesk XSS vulnerabily.
From: Joseph.giron13@xxxxxxxxx
Date: 22 Oct 2007 22:37:20 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

http://www.oneorzero.com/

Within the helpdesk utility usd250, an XSS in the comments field is possible. 
The comments strip script tags and replace them with (not allowed), but
script tags dont need to be in place for XSS. Something along the lines of...
<b onmouseover="window.alert('omghax')">some text</b> Suffices. 

The fix is to use htmlentities() or htmlspecialchars() to filter ALL html
from user input.

Prev by Date: Directory traversal flaw in shttp
Next by Date: IRM Discover More Vulnerabilities in Cisco IOS
Previous by thread: Directory traversal flaw in shttp
Next by thread: IRM Discover More Vulnerabilities in Cisco IOS
Index(es):
- Date
- Thread