
NetSoft SmartNet 2.0 Cross-Site Scripting Vulnerability






Title:
[Kil13r-SA-20060622-1] NetSoft SmartNet 2.0 Cross-Site Scripting Vulnerability

Author:
Kil13r - http://www.kil13r.info/

Local / Remote:
Remote

Timeline:
2006/06/21 - Discovery
2006/06/21 - Vendor notification
2006/06/22 - Release

Affected version:
NetSoft SmartNet 2.0

Not affected version:

Description:
NetSoft SmartNet 2.0 is a search engine solution that contains a cross-site scripting vulnerability.
Arbitrary JavaScript code can be run in an end user's browser through the search engine.

If a victim executes the arbitrary JavaScript code, the attacker can steal the victim's cookie.

Proof of Concept code:
None

Proof of Concept example:
http://www.victim.com/dataCollector/search.jsp?searchFLD=0&tableName=_meta&keyWord=
http://www.victim.com/dataCollector/search.asp?searchFLD=0&tableName=_meta&keyWord=

Proof of Concept screenshot:
http://www.kil13r.info/sa/xss/smartnetxss.jpg

-
Igitur qui desiderat pacem, praeparet bellum.
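
As an added example (not NetSoft's code and not from the advisory's author), the Java below puts the reflected-parameter pattern the advisory describes next to a hardened version that HTML-encodes keyWord before echoing it. The class and method names, the two places where keyWord is echoed, and the formats assumed for searchFLD and tableName are assumptions made for illustration.

```java
import java.util.regex.Pattern;

// Added example, not NetSoft code: class and method names are hypothetical.
public class SearchEcho {
    // Assumed formats, inferred only from the sample values "0" and "_meta".
    private static final Pattern FIELD_ID = Pattern.compile("\\d{1,4}");
    private static final Pattern TABLE_NAME = Pattern.compile("[A-Za-z0-9_]{1,64}");

    // Encode the characters that can end a text node or a quoted attribute value.
    static String escapeHtml(String s) {
        if (s == null) return "";
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    // Vulnerable pattern: keyWord is concatenated into the response as-is.
    static String renderUnsafe(String keyWord) {
        return "<input name=\"keyWord\" value=\"" + keyWord + "\">"
             + "<p>Results for " + keyWord + "</p>";
    }

    // Hardened: allow-list the identifier parameters, encode keyWord on output.
    static String renderSafe(String searchFLD, String tableName, String keyWord) {
        if (searchFLD == null || !FIELD_ID.matcher(searchFLD).matches()
                || tableName == null || !TABLE_NAME.matcher(tableName).matches()) {
            throw new IllegalArgumentException("rejected parameter");
        }
        String k = escapeHtml(keyWord);
        return "<input name=\"keyWord\" value=\"" + k + "\">"
             + "<p>Results for " + k + "</p>";
    }

    public static void main(String[] args) {
        String sample = "\"><b>injected</b>"; // constructed, benign markup
        System.out.println(renderUnsafe(sample)); // markup reaches the page intact
        System.out.println(renderSafe("0", "_meta", sample)); // rendered as text
    }
}
```

Marking the session cookie HttpOnly additionally limits the cookie theft described above, since script running in the page can then no longer read it.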
