
CFXe-CMS <= 2.0 - XSS



[MajorSecurity #14] CFXe-CMS <= 2.0 - XSS
----------------------------------------------

Software: CFXe-CMS

Version: <=2.0

Type: Cross site scripting

Date: June, 10th 2006

Vendor: Creanet Internet Service AG

Page: http://www.cms-cfx.ch


Credits:
----------------------------

Discovered by: David "Aesthetico" Vieira-Kurz
http://www.majorsecurity.de

Original Advisory:
----------------------------
http://www.majorsecurity.de/advisory/major_rls14.txt

Affected Products:
----------------------------

CFXe-CMS 2.0 and prior

Description:
----------------------------

CFXe-CMS is a commercial Content Management System.

Requirements:
----------------------------

register_globals = On

Vulnerability:
----------------------------

Input passed to the search form input fields ("search.cfm") is not properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in the context of an affected site.

Solution:
----------------------------
Edit the source code to ensure that input is properly sanitised.
Use the PHP functions "htmlspecialchars()" or "strip_tags()" to ensure that HTML tags
are not going to be executed.

Example:


Set "register_globals" to "Off".
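
One way to apply the htmlspecialchars() advice above, as an added example that is not part of the original advisory and is not CFXe-CMS code. The page name search.php, the parameter name q, the helper names and the sample input are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical search page. With register_globals = On a bare $q would be
// filled straight from the request; printing it unencoded reflects markup.
// Here the term is read explicitly and encoded at the point of output.

/** Encode a value for an HTML text node or a quoted attribute value. */
function h(string $value): string
{
    // ENT_QUOTES encodes both ' and ", so the value cannot close an attribute.
    // ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning "".
    // strip_tags() alone leaves quotes intact, so it does not cover the
    // value="..." context used below.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Read the search term from the query array, never from a global. */
function search_term(array $query): string
{
    $term = $query['q'] ?? '';
    if (!is_string($term)) {      // reject array input such as ?q[]=x
        return '';
    }
    // Byte-based cut; a split multibyte character is handled by ENT_SUBSTITUTE.
    return substr(trim($term), 0, 100);
}

/** Build the form and the "results for" line with the term encoded. */
function render_search(array $query): string
{
    $safe = h(search_term($query));
    return '<form action="search.php" method="get">'
         . '<input type="text" name="q" value="' . $safe . '">'
         . '</form>'
         . '<p>Results for: ' . $safe . '</p>';
}

if (PHP_SAPI === 'cli') {
    // Constructed sample input: harmless markup that tries to close value="".
    echo render_search(['q' => '"><b>bold</b>']), "\n";
} else {
    header('Content-Type: text/html; charset=UTF-8');
    echo render_search($_GET);
}
```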

Exploitation:
---------------------------
Go to the search form input fields and type in the following line as the search word:
