Feb 06 2009
NGENUITY-2009-004 – ChamberMaster Forgot Password Reflected Cross-Site Scripting
nGenuity Information Services – Security Advisory
Advisory ID: NGENUITY-2009-004 - ChamberMaster Forgot Password Reflected Cross-Site Scripting
Application: ChamberMaster.com
Vendor: ChamberMaster, INC
Vendor website: http://www.chambermaster.com
Author: Adam Baldwin (adam_baldwin@ngenuity-is.com)
I. BACKGROUND
ChamberMaster is a hosted web application designed to manage various aspects of chamber of commerce operations.
II. DETAILS
The ChamberMaster hosted application is vulnerable to reflected cross-site scripting. This attack can be used to display content or execute malicious JavaScript in the context of the victim's web browser.
Attack Scenario:
1. The attacker sends or places links similar to the one below. These could be delivered via instant message, social network, email or any other medium in which a link can be provided to an end user.
Example URL
/directory/jsp/admin/login/ForgotPwd.jsp?email=INSERTXSSHERE
2. Victim clicks on the link.
3. Victim's browser executes malicious code.
After this attack, the attacker controls the victim's browser.
They can access and manipulate data that the user's ChamberMaster session has access to.
III. REFERENCES
[1] - http://www.chambermaster.com
IV. VENDOR COMMUNICATION
2.3.2009 - Vendor Notified
2.6.2009 - Notification from vendor that this issue has been fixed.
Copyright (c) 2008 nGenuity Information Services, LLC
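The following is an added example, not code from the advisory or from ChamberMaster: it shows the general reflected-parameter pattern behind an issue like the `email` parameter above, next to a hardened form that validates and HTML-encodes the value. The class name, the assumption that the value is echoed into an input field, and the allow-list pattern are all hypothetical.

```java
import java.util.regex.Pattern;

public class ForgotPwdEncodingDemo {
    // Conservative allow-list for the email field (assumption, not the vendor's rule).
    // It permits an apostrophe, so encoding is still needed after validation.
    private static final Pattern EMAIL =
        Pattern.compile("[A-Za-z0-9._%+'-]{1,64}@[A-Za-z0-9.-]{1,255}");

    // Encode the five characters that are significant in HTML text and quoted attributes.
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Weak pattern: the request parameter is concatenated into markup unchanged.
    static String renderUnsafe(String email) {
        return "<input type=\"text\" name=\"email\" value=\"" + email + "\">";
    }

    // Hardened: drop values that are not plausible addresses, then encode what is echoed.
    static String renderSafe(String email) {
        String v = (email != null && EMAIL.matcher(email).matches()) ? email : "";
        return "<input type=\"text\" name=\"email\" value=\"" + escapeHtml(v) + "\">";
    }

    public static void main(String[] args) {
        String[] samples = {                      // constructed inputs
            "member@example.org",
            "\"><script>alert(1)</script>",
            "o'brien@example.org"
        };
        for (String s : samples) {
            System.out.println("input : " + s);
            System.out.println("unsafe: " + renderUnsafe(s));
            System.out.println("safe  : " + renderSafe(s));
        }
    }
}
```

In the output, the second sample breaks out of the `value` attribute in the unsafe rendering and is dropped in the safe one, while the third passes validation and is echoed with its apostrophe encoded as `&#39;`.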

By Adam Brault, February 6, 2009 @ 9:43 am
egads! security holez!