Sla.ckers.org
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 
csrf/xss in sungard banner
Posted by: bhickey
Date: January 31, 2008 04:00PM

I posted this to bugtraq, but I figure this is a better place to get discussion going: http://www.securityfocus.com/archive/1/487250/30/0/threaded

Sungard Banner is a University administration product. It runs everything from payroll to course registration and everything is housed on a single database.

I found a CSRF attack that allows a user to inject arbitrary JavaScript into an authenticated session. It works because they aren't sanitizing user inputs and aren't using nonces to verify POST requests. The vendor has 'repaired' it by instituting referrer checking.

Brendan

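The two defences the post contrasts (a per-session nonce on POST requests versus the vendor's Referer check), together with output encoding for the injected script, as an added example. This is illustrative code written for this page, not Banner's code and not the poster's proof of concept; the origin `banner.example.edu`, the `update_display_name` handler and the `display_name` field are assumptions for the sake of the demo. It shows why a Referer check forces a choice between breaking users whose browsers or proxies strip the header and letting a Referer-less forged request through, while a synchronizer token has no such ambiguity.

```python
import hmac
import html
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Hypothetical application origin; not the vendor's real host name.
APP_ORIGIN = "https://banner.example.edu"


@dataclass
class Session:
    """Server-side session state. The CSRF token is minted per session and
    is only ever embedded in our own forms, so a third-party page cannot read it."""
    user: str
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


@dataclass
class Request:
    """Minimal stand-in for an HTTP request: method, headers, form fields."""
    method: str
    headers: dict
    form: dict


def referer_check(req: Request, allow_missing: bool) -> bool:
    """Referer-based protection: accept a POST only if the Referer header
    names our own origin. Referer is optional, so the server must decide
    what to do when it is absent. allow_missing=True keeps users whose
    browser or proxy strips Referer working but also admits a forged
    request that carries no Referer; allow_missing=False closes that gap
    but rejects those legitimate users."""
    ref = req.headers.get("Referer")
    if ref is None:
        return allow_missing
    parsed = urlparse(ref)
    return f"{parsed.scheme}://{parsed.netloc}" == APP_ORIGIN


def csrf_token_check(req: Request, session: Session) -> bool:
    """Synchronizer-token protection: the form must carry the secret token
    bound to this session. An attacker's page cannot read it, so a forged
    cross-site POST cannot include it. Constant-time comparison avoids
    leaking the token byte by byte through timing."""
    submitted = req.form.get("csrf_token", "")
    return hmac.compare_digest(submitted.encode(), session.csrf_token.encode())


def update_display_name(req: Request, session: Session) -> tuple:
    """Hypothetical state-changing handler hardened on both axes the post
    names: a per-session token on the POST, and output encoding of the
    stored value so a script payload renders as text instead of executing."""
    if req.method != "POST" or not csrf_token_check(req, session):
        return ("rejected", None)
    raw = req.form.get("display_name", "")
    # Escape for HTML context: <script> becomes &lt;script&gt; in the page.
    return ("ok", html.escape(raw, quote=True))


if __name__ == "__main__":
    # Constructed sample requests; not captured traffic.
    sess = Session(user="alice")
    payload = "<script>alert(document.cookie)</script>"

    # Forged cross-site POST: no token, and no Referer header at all.
    forged = Request("POST", {}, {"display_name": payload})
    print("Referer check, missing header tolerated:", referer_check(forged, allow_missing=True))
    print("Referer check, missing header rejected:", referer_check(forged, allow_missing=False))
    print("token check on forged request:", update_display_name(forged, sess))

    # Legitimate same-origin POST carrying the session token.
    legit = Request("POST", {"Referer": APP_ORIGIN + "/profile"},
                    {"display_name": payload, "csrf_token": sess.csrf_token})
    print("legitimate request, escaped on output:", update_display_name(legit, sess))
```

The token check rejects the forged request regardless of what the Referer header says, and the escaped output means that even a legitimately submitted payload is stored and displayed as text, which is the fix for the injection half of the bug rather than the CSRF half.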