lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <200608021215.17742.stefan.friedli@gmail.com>
Date: Wed, 2 Aug 2006 12:15:17 +0200
From: Stefan Friedli <stefan.friedli@...il.com>
To: bugtraq@...urityfocus.com
Subject: Content Management Framework "G3" - XSS Vulnerability in Search Function

Content Management Framework "G3" - XSS Vulnerability in Search Function

INTRO
According to the manufacturer, "G3" is a classic content-management-system, 
allowing customers to manage their own websites without knowing much about 
webpublishing.
Information about the product is available at:
http://www.inm.ch/g3.cms/s_page/56770

DESCRIPTION
Stefan Friedli discovered a XSS Vulnerabilty in the search module used by many 
websites powered by G3. By using the chars "<" ">" and quotes, the form can 
be used to include script code. As there seems to be no determination between 
parameters being passed by GET or POST, it's possible to pass manipulated 
content to other users using a simple link passing the parameter 
search_string.

EXPLOIT
Classic browser-based script injection techniques are sufficient to exploit 
this vulnerability.

POSSIBLE IMPACT
As most XSS vulnerabilities, the impact of this flaw depends on the page being 
attacked. In this case, a "trusted" site may be used to exploit 
vulnerabilities in older browsers or compromise accounts on sites using 
authentication. For several customers of INM, this flaw could cause some 
additional trouble because of possible phising attacks using this 
vulnerability to trick customers.

SOLUTION
The vulnerabilty has not been addressed yet. A patch implementing basic input 
validation would solve the problem.

VENDOR RESPONSE
INM has been informed about this vulnerability on 2006-07-06. A reminder was 
sent 14 days after. There has been no reaction on any message according this 
issue.

TIMELINE
2006-07-05 - Discovery
2006-07-06 - INM has been informed about the flaw
2006-07-20 - Reminder has been sent
2006-08-02 - Public advisory has been published

CREDITS
This vulnerabilty was discovered by Stefan Friedli. It may be redistributed 
as-is.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ