lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <CALH-=7xLL2+_pmuvMGVzfuoW-7qfKnuUOoz+SfJYH8x64-=GrQ@mail.gmail.com>
Date: Sun, 4 Jan 2015 16:09:28 +0100
From: Steffen Rösemann <steffen.roesemann1986@...il.com>
To: fulldisclosure@...lists.org
Subject: [FD] Reflecting XSS vulnerability in CMS Sefrengo v.1.6.0

Advisory: Reflecting XSS vulnerability in CMS Sefrengo v.1.6.0
Advisory ID: SROEADV-2014-06
Author: Steffen Rösemann
Affected Software: CMS Sefrengo v.1.6.0
Vendor URL: http://www.sefrengo.org/
Vendor Status: solved
CVE-ID: -

==========================
Vulnerability Description:
==========================

The CMS Sefrengo v. 1.6.0 contains a reflecting XSS vulnerability in its
administrative backend.

==================
Technical Details:
==================

The CMS Sefrengo v.1.6.0 contains a reflecting XSS vulnerability in its
administrative backend, which resides in the main.php file:

http://{TARGET}/backend/main.php?area=user&idgroup=0&order=&ascdesc=ASC&searchterm=&page=1


Via the parameter "searchterm", an attacker is able to craft a link with
arbitrary HTML- and/or JavaScript-code which gets executed, if clicked on.

Exploit-Example:

http://{TARGET}/backend/main.php?area=user&idgroup=0&order=&ascdesc=ASC&searchterm=<script>alert(document.cookie)</script><!--&page=1



=========
Solution:
=========

Update to the latest version.


====================
Disclosure Timeline:
====================
28-Dec-2014 – found the vulnerability
28-Dec-2014 - informed the developers
28-Dec-2014 – release date of this security advisory [without technical
details]
04-Jan-2015 - patch by vendor
04-Jan-2015 - release date of this security advisory
04-Jan-2015 - post to lists


========
Credits:
========

Vulnerability found and advisory written by Steffen Rösemann.

===========
References:
===========

http://www.sefrengo.org/
http://sroesemann.blogspot.de

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists