lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Fri, 13 Jul 2007 21:41:29 -0400
From: <edi.strosar@...nostne-novice.com>
To: "Full Disclosure" <full-disclosure@...ts.grok.org.uk>
Subject: Element CMS script insertion vulnerability

=========================================================================
TeamIntell Security Advisory TISA2007-06-Public
-------------------------------------------------------------------------
Element CMS "s" parameter script insertion vulnerability
=========================================================================


Release Date:    14.7.2007
Severity:        Less critical
Impact:          Cross-site scripting (XSS)
Status:          Official patch not available (0-day)
Software:        Element CMS
Vendor:          http://www.element.si
                  http://www.elementcms.si
Disclosed:       Edi Strosar (TeamIntell)


Description:
============

Element CMS, a full featured Slovenian content management 
system, is prone to a cross-site scripting vulnerability 
because the application fails to properly sanitize 
user-supplied input.

Input passed to the "s" parameter in default.asp is not 
properly sanitized before being used. This can be 
exploited to insert arbitrary HTML and script code in a 
user's browser session in context of an affected site.

The vulnerability is reported in all versions of Element 
CMS.


Proof of Concept:
=================

http://demo2.element.si/default.asp?pID=search&mid=sl&s="><script>alert(String.fromCharCode(88,83,83))</script>


Solution:
=========

Vendor informed. Official patch not available.

Note: because of arrogant and unprofessional vendor's 
response TeamIntell decided to release the advisory.


Contact:
========

Maldin d.o.o.
Trzaska cesta 2
1000 Ljubljana - SI

tel: +386 (0)590 70 170
fax: +386 (0)590 70 177
gsm: +386 (0)31 816 400
web: www.teamintell.com
e-mail: info@...mintell.com


Disclaimer:
===========

The content of this report is purely informational and 
meant for educational purposes only. Maldin d.o.o. shall 
in no event be liable for any damage whatsoever, direct or 
implied, arising from use or spread of this information. 
Any use of information in this advisory is entirely at 
user's own risk.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ