nGenuity Information Services – Security Advisory

   Advisory ID: NGENUITY-2009-001
   Application: Open-Realty 2.5.5
        Vendor: Transparent Technologies,INC
Vendor website: http://www.transparent-tech.com/
        Author: Adam Baldwin (adam_baldwin@ngenuity-is.com)

  I. BACKGROUND
     "Open-Realty® is an open source web based real estate listing management
application. It is intended to be both easy to setup and use. Written
in PHP, Open-Realty® is designed to be a fast and flexible tool for
your real estate website" [1]

 II. DETAILS
     Multiple reflected cross-site (xss) scripting vulnerabilities exist within
Open-Realty v2.5.5. These are due to user input being echoed back to the user
unaltered or properly encoded.

Reflected:

http://www.example.com/openrealty/index.php?action=contact_agent&listing_id=XSS&popup=yes

http://www.example.com/openrealty/index.php?action=contact_agent&popup=yes&agent_id=XSS

http://www.example.com/openrealty/index.php?action=calculator&price=XSS&popup=y

1.27.2009 - Version 2.5.6 has been released and addresses this vulnerability.

III. REFERENCES
     [1] - http://www.open-realty.org/
Copyright (c) 2008 nGenuity Information Services, LLC

 IV. EDITS
1/18/2008 - Vendor notification "releasing a new version of Open-Realty 2.5.6 this week to fix the XSS reflection vulnerabilities..."
1/20/2008 - Removed persistent section of advisory. Informed by the vendor that "There is an option to strip HTML from the
listing and agent fields when agents post in the Open-Realty  configuration, under Editor/Html. If that is on any html posted in a "
field by an agent will be removed."
1/27/2009 - Added vendor fix information.