lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Wed, 27 Apr 2011 00:01:43 -0500 (CDT)
From: security curmudgeon <jericho@...rition.org>
To: advisory@...ridge.ch
Cc: bugtraq@...urityfocus.com
Subject: Re: Stored XSS vulnerability in diafan.CMS


: Vulnerability ID: HTB22776
: Reference: http://www.htbridge.ch/advisory/stored_xss_vulnerability_in_diafan_cms.html
: Product: diafan.CMS

: Vulnerability Details:
: User can execute arbitrary JavaScript code within the vulnerable application.
: 
: The vulnerability exists due to failure in the 
: "http://host/admin/site/save2/" script to properly sanitize 
: user-supplied input in "text" variable. Successful exploitation of this 
: vulnerability could result in a compromise of the application, theft of 
: cookie-based authentication credentials, disclosure or modification of 
: sensitive data.

This is the site editor functionality, correct? This requires 
administrative access and is *designed* to allow the admin to enter any 
HTML or script code desired.

If an attacker can access this page, couldn't they do other bad things? Is 
there really a crossing of privilege boundary here?

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ