<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01//EN" "https://www.w3.org/TR/html4/strict.dtd">
<html lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><style type="text/css" nonce="">
body,td,div,p,a,input {font-family: arial, sans-serif;}
</style><meta http-equiv="X-UA-Compatible" content="IE=edge"><link rel="shortcut icon" href="https://ssl.gstatic.com/ui/v1/icons/mail/rfr/gmail.ico" type="image/x-icon"><title>Gmail - [Vulnerability] simpletouchsoftware boxingtimerpro</title><style type="text/css" nonce="">
body, td {font-size:13px} a:link, a:active {color:#1155CC; text-decoration:none} a:hover {text-decoration:underline; cursor: pointer} a:visited{color:#6611CC} img{border:0px} pre { white-space: pre; white-space: -moz-pre-wrap; white-space: -o-pre-wrap; white-space: pre-wrap; word-wrap: break-word; max-width: 800px; overflow: auto;} .logo { left: -7px; position: relative; }
</style></head><body><div class="bodycontainer"><table width="100%" cellspacing="0" cellpadding="0" border="0"><tbody><tr height="14px"><td width="143"><img src="Gmail%20-%20[Vulnerability]%20simpletouchsoftware%20boxingtimerpro_files/logo_gmail_server_1x.png" alt="Gmail" class="logo" width="143" height="59"></td><td align="right"><font size="-1" color="#777"><b>Maurice Lambert &lt;[email protected]&gt;</b></font></td></tr></tbody></table><hr><div class="maincontent"><table width="100%" cellspacing="0" cellpadding="0" border="0"><tbody><tr><td><font size="+1"><b>[Vulnerability] simpletouchsoftware boxingtimerpro</b></font><br></td></tr></tbody></table><hr><table class="message" width="100%" cellspacing="0" cellpadding="0" border="0"><tbody><tr><td><font size="-1"><b>Maurice Lambert </b>&lt;[email protected]&gt;</font></td><td align="right"><font size="-1">26 October 2021 at 20:14</font></td></tr><tr><td colspan="2" style="padding-bottom: 4px;"><font class="recipient" size="-1"><div>To: [email protected], [email protected]</div></font></td></tr><tr><td colspan="2"><table width="100%" cellspacing="0" cellpadding="12" border="0"><tbody><tr><td><div style="overflow: hidden;"><font size="-1"><div dir="ltr"><span style="background-color:rgb(255,255,255)"><span style="color:rgb(255,153,0)">Hello,<br><br>I am contacting you because I found a <b>vulnerability</b> in your <i>Boxing Timer Pro</i>.<br><br>I
am a developer and security researcher, I use your application
regularly and yesterday I found a vulnerability in your application. The
vulnerability is a <i>reflected Cross-Site Scripting (XSS)</i> in the page title. This vulnerability <b>is very easy to exploit</b> (example (open this URL in your web browser): <a href="https://www.simpletouchsoftware.com/timers/boxingtimerpro/?name=%3C/title%3E%3Cscript%3Ealert(%22Demontration:%20XSS%20Reflected...%20You%20are%20hacked%20!%22)%3C/script%3E&rounds=45&prep=56&round=2&warning=25&rest=89" target="_blank" data-saferedirecturl="https://www.google.com/url?hl=fr&q=https://www.simpletouchsoftware.com/timers/boxingtimerpro/?name%3D%253C/title%253E%253Cscript%253Ealert(%2522Demontration:%2520XSS%2520Reflected...%2520You%2520are%2520hacked%2520!%2522)%253C/script%253E%26rounds%3D45%26prep%3D56%26round%3D2%26warning%3D25%26rest%3D89&source=gmail&ust=1635358517210000&usg=AFQjCNG8kAUxiDFECszs5iQLQ8GFRtwfhw">https://www.<wbr>simpletouchsoftware.com/<wbr>timers/boxingtimerpro/?name=&lt;/<wbr>title&gt;&lt;script&gt;alert("<wbr>Demontration: XSS Reflected... You are hacked !")&lt;/script&gt;&rounds=45&prep=<wbr>56&round=2&warning=25&rest=89</a>)<wbr>.<br><br>What about the <b>severity</b> of the vulnerability:<br><br></span></span><ol><li><span style="background-color:rgb(255,255,255)"><span style="color:rgb(255,153,0)"><span style="color:rgb(255,0,0)"><b>CRITICAL</b></span>: If you have an <u>admin page</u> on <u><a href="http://simpletouchsoftware.com/" target="_blank" data-saferedirecturl="https://www.google.com/url?hl=fr&q=http://simpletouchsoftware.com&source=gmail&ust=1635358517211000&usg=AFQjCNErcVgJHITA2HxPi9-x5Thd7YwlNA">simpletouchsoftware.com</a></u>, a hacker can steal your session and use the admin features and permissions on your server.</span></span></li><li><span style="background-color:rgb(255,255,255)"><span style="color:rgb(255,153,0)"><span style="color:rgb(255,0,0)"><b>HIGH</b></span>: If you have <u>an authentication system</u> on <u><a href="http://simpletouchsoftware.com/" target="_blank" 
data-saferedirecturl="https://www.google.com/url?hl=fr&q=http://simpletouchsoftware.com&source=gmail&ust=1635358517211000&usg=AFQjCNErcVgJHITA2HxPi9-x5Thd7YwlNA">simpletouchsoftware.com</a></u>, a hacker can steal a user session and spoof their account.</span></span></li><li><span style="background-color:rgb(255,255,255)"><span style="color:rgb(255,153,0)"><span style="color:rgb(255,0,0)"><b>MEDIUM</b></span>: <u>[no conditions]</u> a hacker can use your website to control your users' web browser. They can exploit a <i>Cross-Site-Request-Forgery (CSRF) vulnerability</i> on another website or implement a redirect to a <i>phishing URL</i> from your web application (and your users will see your application as an untrusted or malicious website).<br></span></span></li></ol><div><span style="background-color:rgb(255,255,255)"><span style="color:rgb(255,153,0)">Protection against XSS:</span></span></div><div><ul><li><span style="background-color:rgb(255,255,255)"><span style="color:rgb(255,153,0)"><span style="color:rgb(255,0,0)"><i>PHP</i></span>: <span style="font-family:monospace"><span style="color:rgb(255,255,255)"><span style="background-color:rgb(0,0,0)">&lt;title&gt;&lt;?php echo htmlspecialchars($title); ?&gt;&lt;/title&gt;</span></span></span></span></span></li><li><span style="background-color:rgb(255,255,255)"><span style="color:rgb(255,153,0)"><i><span style="color:rgb(255,0,0)">NodeJS</span></i>: <span style="font-family:monospace"><span style="background-color:rgb(0,0,0)"><span style="color:rgb(255,255,255)">const escape = str =&gt; str.replace(/&amp;/g,
'&amp;amp;').replace(/&lt;/g, '&amp;lt;').replace(/&gt;/g,
'&amp;gt;').replace(/'/g, "&amp;#x27;").replace(/"/g, '&amp;quot;');
`&lt;title&gt;${escape(title)}&lt;/title&gt;`</span></span></span></span></span></li><li><span style="background-color:rgb(255,255,255)"><span style="color:rgb(255,153,0)"><i><span style="color:rgb(255,0,0)">Python</span></i>: <span style="font-family:monospace"><span style="color:rgb(255,255,255)"><span style="background-color:rgb(0,0,0)">f"&lt;title&gt;{html.escape(title)}&lt;/title&gt;"</span></span></span></span></span></li></ul></div><div><span style="background-color:rgb(255,255,255)"><span style="color:rgb(255,153,0)"><br></span></span></div><span style="background-color:rgb(255,255,255)"><span style="color:rgb(255,153,0)">Best regards,<span></span><br></span></span><div><span style="background-color:rgb(255,255,255)"><span style="color:rgb(255,153,0)">Maurice LAMBERT.<br></span></span></div><div><span style="background-color:rgb(255,255,255)"><span style="color:rgb(255,153,0)"></span></span></div><span style="background-color:rgb(255,255,255)"><span style="color:rgb(255,153,0)"><br>Contact: <a href="mailto:[email protected]" target="_blank">[email protected]</a>, <a href="mailto:[email protected]" target="_blank">[email protected]</a><br></span></span><div><span style="background-color:rgb(255,255,255)"><span style="color:rgb(255,153,0)">Date: 2021-10-26<br></span></span></div><div><img src="Gmail%20-%20[Vulnerability]%20simpletouchsoftware%20boxingtimerpro_files/a.png" alt="XSS_title_execution.PNG" width="454" height="200"></div><div><img src="Gmail%20-%20[Vulnerability]%20simpletouchsoftware%20boxingtimerpro_files/a_002.png" alt="XSS_title_code.PNG" width="454" height="123"><br><br><img src="Gmail%20-%20[Vulnerability]%20simpletouchsoftware%20boxingtimerpro_files/a_003.png" alt="XSS_title_page.PNG" width="454" height="223"><br><br><span style="background-color:rgb(255,255,255)"><span style="color:rgb(255,153,0)"></span></span></div><div><span style="background-color:rgb(255,255,255)"><span style="color:rgb(255,153,0)"></span></span></div></div>
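<div><span style="background-color:rgb(255,255,255)"><span style="color:rgb(255,153,0)">The title-escaping fix recommended in the message, as an added example that is not code from the email or from the vendor's application. It assumes a Python backend that reads the <span style="font-family:monospace">name</span> query parameter (the helper names, the placeholder host and the harmless alert(1) payload are constructed for the example) and uses the standard-library HTML parser to check which tags a browser would actually see in the rendered title, before and after the fix:</span></span></div>

```python
import html
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# Constructed sample request with the same shape as the report's proof of
# concept: placeholder host, harmless alert(1) payload in the name parameter.
SAMPLE_URL = ("https://example.invalid/timers/boxingtimerpro/"
              "?name=%3C/title%3E%3Cscript%3Ealert(1)%3C/script%3E&rounds=45")


def name_from_url(url: str) -> str:
    """Decode the name query parameter the way a server framework would."""
    return parse_qs(urlsplit(url).query).get("name", [""])[0]


def render_title_unsafe(name: str) -> str:
    """Vulnerable pattern: the raw parameter is concatenated into <title>."""
    return f"<title>{name}</title>"


def render_title_safe(name: str) -> str:
    """Fix from the report: HTML-escape the value before interpolating it."""
    return f"<title>{html.escape(name, quote=True)}</title>"


class _TagCollector(HTMLParser):
    """Records every start tag the standard-library parser sees."""

    def __init__(self) -> None:
        super().__init__()
        self.tags: list[str] = []

    def handle_starttag(self, tag, attrs) -> None:
        self.tags.append(tag)


def injected_tags(markup: str) -> list[str]:
    """Check: any start tag other than the intended <title> means the value
    broke out of the title text and became live markup."""
    parser = _TagCollector()
    parser.feed(markup)
    parser.close()
    return [t for t in parser.tags if t != "title"]


if __name__ == "__main__":
    name = name_from_url(SAMPLE_URL)
    print("unsafe:", injected_tags(render_title_unsafe(name)))  # ['script']
    print("safe:  ", injected_tags(render_title_safe(name)))    # []
```

The same check is a cheap regression test for any template that writes request data into the title: the list must stay empty for every input.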
</font></div></td></tr></tbody></table></td></tr></tbody></table></div></div><script type="text/javascript" nonce="">// <![CDATA[
document.body.onload=function(){document.body.offsetHeight;window.print()};
// ]]></script></body></html>