| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 7 Jun 2007 15:39:12 -0000 From: glafkos@...osec.org.uk To: bugtraq@...urityfocus.com Subject: WmsCMS < = 2.0 Multiple XSS Vulnerabilities Application: WmsCMS Vendors Url: http://www.web-master.biz Bug Type: Multiple URL Handling Remote Cross-Site Scripting Vulnerabilities Exploitation: Remote Severity: Less Critical Solution Status: Unpatched Introduction: WmsCMS is a web-based CMS system Google Dork: "Powered by WMS-CMS" Affected Versions WmsCMS <= 2.0 Description: User-supplied input passed via the URL is not properly sanitised before it is being returned to the user in index.php?pageid=. This can be exploited to execute arbitrary script code in the security context of an affected website, as a result the code will be able to access any of the target user's cookies, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user. PoC: http://[target]/4print.asp?p=60&sbl=>">[XSS] http://[target]/4print.asp?p=60&sbr=>">[XSS] <html> <body> <center> <form action="http://[target]/default.asp?p=60&sbl=20&sbr=1" method="post"> <input value="[XSS]" name="search" /> <input type="submit" value="search"> </form> </center> </body> </html> Solution: There was no vendor-supplied solution at the time of entry. Edit source code manually to ensure user-supplied input is correctly sanitised. Filter malicious characters and character sequences via a HTTP proxy or firewall with URL filtering capabilities. Credits: Glafkos Charalambous glafkos (at) infosec (dot) org (dot) uk Information Security Uncensored InfoSEC.org.uk
Powered by blists - more mailing lists