From hyc@symas.com Wed Nov 26 21:29:24 2014
From: hyc@symas.com
To: openldap-bugs@openldap.org
Subject: Re: (ITS#7988) Reflected XSS vulnerability in www.openldap.org
Date: Wed, 26 Nov 2014 21:29:16 +0000

yann.cam(a)gmail.com wrote:
> Full_Name: Yann CAM
> Version:
> OS:
> URL: http://www.openldap.org/its/
> Submission from: (NULL) (2a01:e34:edbf:a5d0:845:664b:ce80:cf7b)
>
>
> I'm contacting you to inform you about the presence of a Reflected XSS
> vulnerability on the www.openldap.org main domain.

Thanks for the report, this is now fixed.

>
> Through this vulnerability, an attacker could tamper with page rendering,
> redirect victims to fake OpenLdap pages, or capture users' data.
>
> This reflected XSS is on the GET "id" variable of the current "JitterBug" tracker,
> which is not properly sanitized before being used in the page.
>
> The JitterBug tracker project seems to be suspended
> (https://www.samba.org/cgi-bin/jitterbug/); this vulnerability isn't specific to
> your bug tracker. I just opened a ticket to report this vulnerability to the
> samba-jitterbug maintainers (https://bugzilla.samba.org/show_bug.cgi?id=10967).
>
> Proof of Concept, tested with Firefox 33.1.1 (screenshot in attachment):
>
> http://www.openldap.org/its/index.cgi/Documentation?id=1337<img
> src=x onerror="alert(/Reflected XSS - Yann CAM @ASAfety/)"
> />;selectid=1337
>
> Screenshots available:
>
> http://www.asafety.fr/data/20141126-RXSS_openldap.org_synetis_001.png
> http://www.asafety.fr/data/20141126-RXSS_openldap.org_synetis_002.png
>
> Feel free to contact me for more information.
>
> Best regards,
>
> Yann CAM - Security Consultant @ASafety - Synetis - www.synetis.com
>
> --

-- 
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/
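The report above describes the defect only in prose: the value of the "id" query parameter is written into the response page without encoding, so a value carrying an <img ...> tag becomes markup rather than text. The following is an added illustration of that pattern and of the two usual fixes; it is not JitterBug's code, nor the fix that was applied to www.openldap.org. The page template, the function names and the "Bad issue id" error page are assumptions made for the demo, and the two sample inputs are constructed here (the second is the reporter's proof-of-concept value, URL-decoded).

```python
import html
import re

# Constructed inputs for this demo: a benign issue number and the reporter's
# decoded proof-of-concept value for the "id" query parameter.
BENIGN_ID = "1337"
POC_ID = ('1337<img src=x onerror="alert(/Reflected XSS - Yann CAM @ASAfety/)" />'
          ";selectid=1337")

# Hypothetical page template; the real tracker's output differs.
TEMPLATE = "<html><body><h2>Issue {id}</h2></body></html>"


def render_vulnerable(bug_id: str) -> str:
    """Reflect the parameter into the page verbatim: the defect the report describes."""
    return TEMPLATE.format(id=bug_id)


def render_escaped(bug_id: str) -> str:
    """Output encoding: every <, >, &, " and ' becomes a character reference,
    so the browser shows the payload as text instead of parsing it as a tag."""
    return TEMPLATE.format(id=html.escape(bug_id, quote=True))


# An issue id is a short run of digits; anything else is rejected outright.
ISSUE_ID = re.compile(r"[0-9]{1,9}")


def render_validated(bug_id: str) -> str:
    """Input validation: reject values that are not a plain integer before
    they reach the page (or any lookup keyed on the id)."""
    if not ISSUE_ID.fullmatch(bug_id):
        return "<html><body><p>Bad issue id</p></body></html>"  # assumed error page
    return TEMPLATE.format(id=int(bug_id))


def reflects_tag(page: str) -> bool:
    """True if an <img ...> from the input survived into the markup unescaped."""
    return "<img" in page


if __name__ == "__main__":
    for label, render in (("vulnerable", render_vulnerable),
                          ("escaped", render_escaped),
                          ("validated", render_validated)):
        print(label, "reflects tag:", reflects_tag(render(POC_ID)))
```

Encoding on output is the fix that applies to any reflected value; validating the id as an integer is the stronger option here because a bug number never legitimately contains markup, and it also keeps a malformed id away from whatever file or record the tracker selects with it. Both are needed in general: validation where the type is known, encoding everywhere a value is written into HTML.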