entry.picoevents.ch - Persistent XSS Attack (#mvid8)
Document Title:
===============
entry.picoevents.ch - Persistent XSS Attack
mosi Vulnerability ID (mvid):
=============================
8
Discovery Status:
=================
Vendor informed
CVSSv2 Overall Score:
=====================
6.2
CVSSv2 Vector:
==============
(AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:U/RC:C/CDP:L/TD:M/CR:H/IR:M/AR:M)
https://nvd.nist.gov/vuln-metrics/cvss/v2-calculator?vector=(AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:U/RC:C/CDP:L/TD:M/CR:H/IR:M/AR:M)
Product & Service Introduction:
===============================
picoEvents provides an online registration and live result service to simplify timekeeping in orienteering, combined with SPORTident.
http://picoevents.ch/
Abstract:
=========
Namo Flury found a persistent cross-site scripting vulnerability in the registration form of a competition by changing a value in the input fields to JavaScript code.
Report Timeline:
================
2017-06-19: Analysis of server attack requested by vendor
2017-06-19: Vulnerability detected
2017-06-19: Vendor informed
2017-08-14: Vendor reminded
2017-08-15: Vendor requested more information
2017-09-07: Vendor asked for more time (granted)
2017-09-12: Vendor provided patch
2017-09-12: Patch rejected by mosi security research (not working)
2017-09-25: Vendor asked for more time (granted)
2017-10-03: Vendor released patch
2017-10-03: Patch approved by mosi security research
2017-10-03: Public Disclosure
Affected Products:
==================
picoEvents entry form
Exploitation Technique:
=======================
Persistent XSS
Security Level:
===============
Medium
Technical Details & Description:
================================
Vulnerable Modules:
[+] http://www.picoevents.ch/entry/regist/anmeldung2.php
Vulnerable Parameter(s):
[+] Name
[+] Vorname
[+] Jahrgang
[+] Wohnort
[+] Club
Proof of Concept (PoC):
=======================
It was possible to enter the JavaScript payload "<script>alert("xss");</script>" into the form field "Club". The payload was stored and successfully executed in the client's browser.
Possible Solution:
==================
Input validation and escaping of user-supplied values before they are rendered in the page
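As an added illustration of the mitigation above (example code written for this advisory, not picoEvents' own source): the vulnerable pattern, a stored field concatenated raw into the HTML of the entry list, next to a hardened version that validates on input and escapes on output. Field names are taken from the advisory; the record layout and rendering functions are assumptions.

```php
<?php
// Added example, not picoEvents code. Field names come from the advisory;
// the stored-record layout and rendering helpers are assumed.
// Constructed sample: a stored registration containing the advisory's PoC payload.
$entry = [
    'Name'     => 'Muster',
    'Vorname'  => 'Hans',
    'Jahrgang' => '1990',
    'Wohnort'  => 'Bern',
    'Club'     => '<script>alert("xss");</script>',
];
// VULNERABLE: the stored value is concatenated into the page unchanged,
// so the browser executes the script for every visitor of the entry list.
function renderRowVulnerable(array $e): string
{
    return '<td>' . $e['Name'] . '</td><td>' . $e['Club'] . '</td>';
}
// Escape every value at the HTML output boundary. ENT_QUOTES also covers
// attribute contexts; the charset must match the page's declared encoding.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}
// Validate on input: free-text names may legitimately contain apostrophes or
// umlauts, so only reject what can never be valid for the field (year, length).
function validateEntry(array $e): array
{
    $errors = [];
    if (!preg_match('/^(19|20)\d{2}$/', $e['Jahrgang'])) {
        $errors[] = 'Jahrgang must be a four-digit year';
    }
    foreach (['Name', 'Vorname', 'Wohnort', 'Club'] as $field) {
        if (mb_strlen($e[$field]) > 64) {
            $errors[] = "$field exceeds 64 characters";
        }
    }
    return $errors;
}
// HARDENED: same row, but every stored value passes through h() before output.
function renderRowSafe(array $e): string
{
    return '<td>' . h($e['Name']) . '</td><td>' . h($e['Club']) . '</td>';
}
echo renderRowVulnerable($entry), PHP_EOL; // <script> tag reaches the browser intact
echo renderRowSafe($entry), PHP_EOL;       // &lt;script&gt;... is displayed as text
```

Validation alone is not sufficient here: a club name can contain characters such as `&` or `'` that are harmless when escaped, so escaping at output is the control that actually closes the XSS.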
Security Risk:
==============
Medium with high exploitability (CVSSv2 6.2)
Author / Credits:
=================
mosi security research - Namo Flury (Researcher)
mosi security research - Simon Monai (Author) (http://jongliertricks.ch/kontakt)
Public Disclosure:
==================
2017-10-03 - https://jongliertricks.ch/mosi-security-research/42
----------------------------
https://jongliertricks.ch/mosi-security-research