SECURITYVULNS:DOC:24907
Oct 13, 2010 - 12:00 a.m.

Collabtive Multiple Vulnerabilities


ANATOLIA SECURITY ADVISORY

ADVISORY INFO

  • Title: Collabtive Multiple Vulnerabilities
  • Advisory URL: http://www.anatoliasecurity.com/adv/as-adv-2010-003.txt
  • Advisory ID: 2010-003
  • Version: 0.65
  • Date: 12/10/2010
  • Impact: Gaining Administrative Privileges - Execute Malicious
    JavaScript Code
  • CWE-ID: 352 (Cross-site Request Forgery) - 79 (Cross-site Scripting)
  • Credit: Anatolia Security

VULNERABLE PRODUCT

  • Description: "Collabtive provides a web based platform to bring the
    project management process and documentation online. Collabtive is an
    open source solution with features and functionality similar to
    proprietary software such as BaseCamp."
  • Homepage: http://www.collabtive.com

VULNERABILITY DETAILS

I. Non-persistent Cross-site Scripting

II. Cross-site Request Forgery

  • Description: Collabtive is affected by Cross-site Request Forgery.
    An attacker can create a specially crafted page, force Collabtive
    administrators to visit it, and thereby gain administrative
    privileges. To prevent CSRF vulnerabilities, the application needs an
    anti-CSRF token, a CAPTCHA, and a prompt for the old password on
    critical actions.

  • Exploit/POC:
    http://www.anatoliasecurity.com/exploits/collabtive-csrf-xploit.txt

III. Stored Cross-site Scripting

  • Description: Collabtive has a Stored Cross-site Scripting
    vulnerability. Every user can change their username, and the
    application allows HTML code in it and stores it in the database.

  • Exploit/POC: Change username to "user<script>alert(/AS/)</script>".
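
The following added example (not Collabtive's code and not part of the advisory) shows the checks that sections II and III call for on a profile-update handler: a per-session anti-CSRF token, a prompt for the current password, and a username that is validated on input and HTML-encoded on output. All function names and the session/user array layout are hypothetical.

```php
<?php
declare(strict_types=1);
// Added example, not Collabtive code; all names and array layouts are hypothetical.

// One random token per session, embedded in every state-changing form.
function csrf_token(array &$session): string
{
    if (empty($session['csrf'])) {
        $session['csrf'] = bin2hex(random_bytes(32));
    }
    return $session['csrf'];
}

// Constant-time comparison of the token the form sent back.
function csrf_valid(array $session, array $post): bool
{
    return isset($session['csrf'], $post['csrf']) && is_string($post['csrf'])
        && hash_equals($session['csrf'], $post['csrf']);
}

// Critical action: requires the token, the current password, a strict username.
function update_profile(array $session, array $post, array &$user): string
{
    if (!csrf_valid($session, $post)) {
        return 'rejected: missing or wrong CSRF token';
    }
    if (!password_verify((string)($post['oldpass'] ?? ''), $user['hash'])) {
        return 'rejected: current password required';
    }
    $name = (string)($post['name'] ?? '');
    if (!preg_match('/\A[A-Za-z0-9._-]{3,32}\z/', $name)) {
        return 'rejected: username contains disallowed characters';
    }
    $user['name'] = $name;
    return 'ok';
}

// Encode on output too, so names stored before the fix render as text.
function render_name(string $name): string
{
    return htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed demo data: a request without a token, one with markup, a valid one.
$session = [];
$user = ['name' => 'alice', 'hash' => password_hash('s3cret', PASSWORD_DEFAULT)];
$good = ['csrf' => csrf_token($session), 'name' => 'bob', 'oldpass' => 's3cret'];
echo update_profile($session, ['name' => 'bob', 'oldpass' => 's3cret'], $user), "\n";
echo update_profile($session, ['name' => '<script>'] + $good, $user), "\n";
echo update_profile($session, $good, $user), "\n";
echo render_name('user<script>alert(/AS/)</script>'), "\n";
```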