lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20060222094941.14840.qmail@securityfocus.com>
Date: 22 Feb 2006 09:49:41 -0000
From: roozbeh_afrasiabi@...oo.com
To: bugtraq@...urityfocus.com
Subject: [KAPDA::#27] - Runcms 1.x Cross_Site_Scripting vulnerability


[KAPDA::#27] - Runcms 1.x Cross_Site_Scripting vulnerability

KAPDA New advisory

Vulnerable products : Runcms 1.x
Vendor: www.runcms.org
Risk: Low
Vulnerabilities: Cross_Site_Scripting
Discoverd by Roozbeh Afrasiabi
roozbeh[at]yahoo[dot]com
www.kapda.ir
www.persiax.com


Date :
--------------------
Found : Jan 28 2006
Vendor Contacted : N/A

About :
--------------------
"Runcms Includes most things a webmaster would expect from a cms: downloads,links, tutorials section, polls, forums, news, faq, contact form,rss feeds,file uploads, blogging via xml-rpc, & more. Possibility to manage users as groups with module/block specific access permissions, and extend functioality via 3rd party module plug-ins. Has a simple yet good themability.
Easy enough to use for users, while staying simple enough to extend & customize for coders." (from runcms.org)


Vulnerability:
--------------------
Cross_Site_Scripting :

RUNCMS is affected by a cross-site scripting vulnerability. This issue is due to the failure of the application to properly sanitize user-
supplied input.

As a result of this vulnerability, it is possible for a remote attacker to create a malicious link containing script code that will be executed in the browser of an unsuspecting user when followed.


Detail and PoC :
--------------------


The application does not validate the "lid" variable upon submission
to ratefile.php.

h**p://[target]/public/modules/downloads/ratefile.php?lid={number}">[code]



Solution :
--------------------
N/A


Original Advisory :
--------------------
http://kapda.ir/advisory-267.html


Especial thanks to:
--------------------
All KAPDA members


Credit :
--------------------
Discoverd by Roozbeh Afrasiabi
roozbeh_afrasiabi[at]yahoo[dot]com
www.kapda.ir
www.persiax.com


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ