lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: 6 Aug 2009 19:25:52 -0000
From: katie.french@...federal.com
To: bugtraq@...urityfocus.com
Subject: OpenCms (7.5.0) - Vulnerability: Cross-Site Scripting, Phishing
 Through Frames, Application Error

Application: OpenCms

Version: 7.5.0

Hardware: Tomcat/Oracle

Vulnerability: Cross-Site Scripting, Phishing Through Frames,
Application Error


Overview:

Various URL's within the deployed OpenCms application version 7.5.0 are
open to attacks, including Cross-Site Scripting, Phishing Through Frames
and Application Error.  Some of these attacks allow injection of scripts
into a parameter in the request.  The application should filter out such
hazardous characters from user input.

Example follows:
Vulnerable URL (from the OpenCms VFS):
/opencms/opencms/system/modules/org.opencms.workplace.help/jsptemplates/
help_head.jsp?&homelink=>"'><script>alert("This%20site%20has%20been%20co
mpromised")</script>

Results:
Insertion of the script into the homelink parameter successfully embeds
the script in the response and is executed once the page is loaded into
the user's browser (i.e. vulnerable to Cross-Site Scripting)



Below find the complete list of vulnerable URL's (all paths are relative
to the OpenCms VFS).  All issues are of High risk.



/opencms/opencms/system/modules/org.opencms.workplace.help/elements/sear
ch.jsp

Remediation: Filter out hazardous characters from user input

Parameter(s): query

Vulnerability(s): Cross-Site Scripting



/opencms/opencms/system/modules/org.opencms.workplace.help/jsptemplates/
help_head.jsp

Remediation: Filter out hazardous characters from user input

Parameter(s): homelink

Vulnerability(s): Cross-Site Scripting, Phishing Through Frames



/opencms/opencms/system/workplace/commons/preferences.jsp

Remediation: Verify that parameter values are in their expected ranges
and types. Do not output debugging error messages and exceptions

Parameter(s): tabdicopyfilemode, tabdicopyfoldermode,
tabdideletefilemode

Vulnerability(s): Application Error



/opencms/opencms/system/workplace/commons/property.jsp

Remediation: Filter out hazardous characters from user input

Parameter: resource

Vulnerability(s): Cross-Site Scripting



/opencms/opencms/system/workplace/commons/publishproject.jsp

Remediation: Filter out hazardous characters from user input

Parameter(s): title, cancel, dialogtype, framename, progresskey,
projected, projectname, publishsiblings, relatedresources, subresources

Vulnerability(s): Cross-Site Scripting, Phishing Through Frames, SQL
Injection



/opencms/opencms/system/workplace/commons/publishresource.jsp

Remediation: Filter out hazardous characters from user input

Parameter(s):

Vulnerability(s): Cross-Site Scripting



/opencms/opencms/system/workplace/commons/unlock.jsp

Remediation: Filter out hazardous characters from user input

Parameter(s): title

Vulnerability(s): Cross-Site Scripting, Phishing Through Frames



/opencms/opencms/system/workplace/editors/editor.jsp

Remediation: Filter out hazardous characters from user input

Parameter(s): resource

Vulnerability(s): Cross-Site Scripting



/opencms/opencms/system/workplace/editors/dialogs/elements.jsp

Remediation: Filter out hazardous characters from user input

Parameter(s): elementlanguage, resource, title

Vulnerability(s): Cross-Site Scripting, Phishing Through Frames



/opencms/opencms/system/workplace/locales/en/help/index.html

Remediation: Filter out hazardous characters from user input

Parameter(s): workplaceresource

Vulnerability(s): Phishing Through Frames



/opencms/opencms/system/workplace/views/admin/admin-main.jsp

Remediation: Filter out hazardous characters from user input

Parameter(s): path

Vulnerability(s): Cross-Site Scripting



/opencms/opencms/system/workplace/views/explorer/contextmenu.jsp

Remediation: Filter out hazardous characters from user input

Parameter(s): acttarget

Vulnerability(s): Cross-Site Scripting, Phishing Through Frames



/opencms/opencms/system/workplace/views/explorer/explorer_files.jsp

Remediation: Filter out hazardous characters from user input

Parameter(s): mode

Vulnerability(s): Cross-Site Scripting





Katie French

CGI Federal

12601 Fair Lakes Circle

Fairfax,VA 22033

FFX: (703) 227-5642

RRB: (202) 564-0475

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux - Powered by OpenVZ