Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web :: CMS / Portals :: b06-2996.htm

SixCMS <= 6 - Multiple XSS and directory traversal vulnerabilities



SixCMS <= 6 - Multiple XSS and directory traversal vulnerabilities
SixCMS <= 6 - Multiple XSS and directory traversal vulnerabilities



[MajorSecurity #17] SixCMS <= 6 - Multiple XSS and directory traversal vulnerabilities=0D
----------------------------------------------=0D
=0D
Software: SixCMS=0D
=0D
Version: <=6=0D
=0D
Type: Cross site scripting=0D
=0D
Date: June, 12th 2006=0D
=0D
Vendor: Six Offene Systeme GmbH=0D
=0D
Page: http://www.sixcms.de=0D 
=0D
=0D
Credits:=0D
----------------------------------------------=0D
=0D
Discovered by: David "Aesthetico" Vieira-Kurz=0D
http://www.majorsecurity.de=0D 
=0D
Original Advisory:=0D
----------------------------------------------=0D
http://www.majorsecurity.de/advisory/major_rls17.txt=0D 
=0D
Affected Products:=0D
----------------------------------------------=0D
=0D
SixCMS 6 and prior=0D
=0D
Description:=0D
----------------------------------------------=0D
=0D
SixCMS is a well known and commercial enterprise Content Management System.=0D
=0D
Requirements:=0D
----------------------------------------------=0D
=0D
register_globals = On=0D
=0D
Vulnerability:=0D
----------------------------------------------=0D
=0D
Input passed to the "template" parameter in "detail.php" is not=0D
properly verified, before it is used to execute the given arguments.=0D
=0D
Acquiring access to known files outside of the web root and current directory=0D
is possible through directory traversal techniques.=0D
This is made possible through the use of "../../" in a HTTP request.=0D
=0D
Input passes to the "page" parameter in "list.php" is not properly sanitised,=0D
before it is used to execute the given arguments.=0D
This can be exploited to execute arbitrary HTML and script code in context of an affected site.=0D
=0D
=0D
Solution:=0D
----------------------------------------------=0D
Edit the source code to ensure that input is properly sanitised.=0D
You should work with "htmlspecialchars()" or "strip_tags()" php-function to ensure that html tags=0D
are not going to be executed.=0D
=0D
Example:=0D
=0D
=0D
Set "register_globals" to "Off".=0D
=0D
Examples:=0D
----------------------------------------------=0D
/detail.php?template=../../../../../../etc/passwd%00=0D
/list.php?page==0D
=0D


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH