[MajorSecurity #12] ZMS <= 2.9 - XSS
------------------------------------------

Software: ZMS

Version: <= 2.9

Type: Cross site scripting

Date: June 10th, 2006

Vendor: Hoffmann+Liebenberg GmbH, SNTL Publishing GmbH & CO KG

Page: http://www.zms-publishing.com

Credits:
----------------------------

Discovered by: David "Aesthetico" Vieira-Kurz
http://www.majorsecurity.de

Original Advisory:
----------------------------
http://www.majorsecurity.de/advisory/major_rls12.txt

Affected Products:
----------------------------

ZMS 2.9 and prior

Description:
----------------------------

ZMS is a Zope-based content management system for science, technology and medicine.

Requirements:
----------------------------

register_globals = On

Vulnerability:
----------------------------

Input passed to the search form input fields is not properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in the context of an affected site.


Solution:
----------------------------
Edit the source code to ensure that input is properly sanitised before it is written back into the page.
Pass the value through the PHP function "htmlspecialchars()" or "strip_tags()" at the point of output, so that
any HTML tags contained in it are rendered as text rather than interpreted by the browser.
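The following is an added illustration, not code from ZMS or from the advisory's author. Because ZMS is Zope-based, it is written in Python, using html.escape() as the counterpart of the PHP htmlspecialchars() named above; the handler shape, the parameter name "q" and the sample request are all hypothetical. It shows the search term reflected once without encoding (the class of defect described above) and once with output encoding applied, plus a small check that confirms no raw tag survives into the encoded output.

```python
# Added example (not ZMS's own code): a minimal search-results renderer that
# reflects the submitted search term back into HTML.
import html
from urllib.parse import parse_qs


def render_results_vulnerable(query_string: str) -> str:
    """Hypothetical handler: reflects the 'q' parameter into HTML verbatim.

    Any markup in the term is handed to the browser unchanged, which is the
    reflected-XSS pattern the advisory describes.
    """
    term = parse_qs(query_string).get("q", [""])[0]
    return f"<p>Results for: {term}</p>"


def render_results_fixed(query_string: str) -> str:
    """Same handler with output encoding applied at the point of output.

    html.escape() is Python's counterpart to PHP's htmlspecialchars();
    quote=True also encodes " and ', so the value would be safe inside an
    attribute value as well as in element text.
    """
    term = parse_qs(query_string).get("q", [""])[0]
    return f"<p>Results for: {html.escape(term, quote=True)}</p>"


def contains_raw_tag(rendered_html: str, tag: str = "<script") -> bool:
    """Check whether an unencoded tag opener survived into the rendered page."""
    return tag.lower() in rendered_html.lower()


if __name__ == "__main__":
    # Constructed sample request (URL-encoded): a search term carrying markup.
    sample = "q=%3Cscript%3Ealert%28%27xss%27%29%3C%2Fscript%3E"
    print("unencoded:", render_results_vulnerable(sample))
    print("encoded:  ", render_results_fixed(sample))
    print("raw tag in encoded output:", contains_raw_tag(render_results_fixed(sample)))
```

Encoding at the output boundary, rather than filtering on input, is what makes the fix hold regardless of how the value reached the template; strip_tags()-style removal can be used in addition, but on its own it does not encode characters such as "&" or quotes.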

Example:


Set "register_globals" to "Off".

Exploitation:
---------------------------
Go to the search form input fields and type in the following line as the search word:


