Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[MajorSecurity Advisory #29]foresite CMS - Cross Site Scripting Issue

from [admin] Network Security [Permanent Link]
Subject: [MajorSecurity Advisory #29]foresite CMS - Cross Site Scripting Issue
Date: 29 Oct 2006 12:39:14 -0000 
[MajorSecurity Advisory #29]foresite CMS - Cross Site Scripting Issue

Details
=======
Product: ForeSite CMS
Security-Risk: moderated
Remote-Exploit: yes
Vendor-URL: http://www.foresite.ch
Vendor-Status: informed
Advisory-Status: published

Credits
============
Discovered by: David Vieira-Kurz
http://www.majorsecurity.de

Original Advisory:
============
http://www.majorsecurity.de/index_2.php?major_rls=major_rls29

Introduction
============
foresite CMS is a content management system.

More Details
============
XSS:
Input passed directly to the "query" parameter in "search_de.html" is not 
properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's 
browser session in context of an affected site.

Fix
===
None

Solution
=============
Edit the source code to ensure that input is properly sanitised.
You should work with "htmlspecialchars()" or "htmlentities()" php-function to 
ensure that html tags
are not going to be executed. Further it is recommend to set off the "register 
globals" option in the
"php.ini" on your webserver.

Example:
$pass = htmlentities($_POST['pass']);
$test = htmlspecialchars($_GET('test'));
$id = intval($_POST['id']);
?>

History/Timeline
================
18.08.2006 discovery of the vulnerability
19.08.2006 additional tests with other versions
20.08.2006 contacted the vendor
05.09.2006 after 2 weeks the vendor didn't response
05.09.2006 contacted the vendor again
05.10.2006 vendor didn't response 
27.10.2006 advisory is written
29.10.2006 advisory released

MajorSecurity
=======
MajorSecurity is a German penetration testing and hacking security project
which consists of only one person at the present time.
I am looking for a partnership.
You can find more Information on the MajorSecurity Project at
http://www.majorsecurity.de/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [MajorSecurity Advisory #29]foresite CMS - Cross Site Scripting Issue, admin <=
Previous by Date:  easy notes manager sql injection and authentication bypass, poplix
Next by Date:  Re: imageVue16.1 upload vulnerability, mjau
Previous by Thread:  easy notes manager sql injection and authentication bypass, poplix
Next by Thread:  Re: imageVue16.1 upload vulnerability, mjau
Indexes:  [Date] [Thread] [Top] [All Lists]