Bugtraq mailing list archives
XXS in SCT email client
From: "Matthew Oyer" <root () spiffomatic64 com>
Date: Wed, 13 Oct 2004 00:02:46 -0400
Vendor : SCT URL : http://www.SCT.com/ Version: Campus Pipeline Risk : Cross site scripting Description: Fusetalk SCT Campus Pipeline is the Web platform of choice at over 175 institutions. It improves efficiency, builds community, and provides freedom of choice by integrating disparate systems and applications into a unified whole. SCT Campus Pipeline provides an institution's constituents - students, faculty, administration, and alumni - with centralized Web access to information, services, and communities. Cross site scripting: when passing a url to the script /cp/render.UserLayoutRootNode.uP?uP_tparam=utf&utf=????? You can easily highjack a users session Solution: only allow onsite urls. or make specific exceptions for those that arnt Credits: Credits goto my loving fiance, you push me todo things i never thought possible. Exploit: This is exploited by passing a foreign url to the utf variable in the http://one.drexel.edu/cp/render.UserLayoutRootNode.uP?uP_tparam=utf <http://one.drexel.edu/cp/render.UserLayoutRootNode.uP?uP_tparam=utf&utf
&utf= script.
Spiffomatic64 Hacking is an art-form
Current thread:
- XXS in SCT email client Matthew Oyer (Oct 13)