<<< Date Index >>>     <<< Thread Index >>>

[MajorSecurity #11]OpenCMS<= 6.2.1 - XSS



[MajorSecurity #11]OpenCMS<= 6.2.1 - XSS
------------------------------------------

Software: OpenCMS

Version: <=6.2.1

Type: Cross site scripting

Date: June, 10th 2006

Vendor: Alkacon Software GmbH  

Page: http://www.alkacon.com
      http://www.opencms.org/opencms/en/


Credits:
----------------------------

Discovered by: David "Aesthetico" Vieira-Kurz
http://www.majorsecurity.de

Original Advisory:
----------------------------
http://www.majorsecurity.de/advisory/major_rls11.txt

Affected Products:
----------------------------

OpenCMS 6.2.1 and prior

Description:
----------------------------

OpenCms is a professional level Open Source Website Content Management System.

Requirements:
----------------------------

register_globals = On

Vulnerability:
----------------------------

Input passed to the search inputbox/query is not properly verified.
This can be exploited to accomplish cross site sctipting attacks.


Solution:
----------------------------
Edit the source code to ensure that input is properly sanitised.
You should work with "htmlspecialchars()" or "strip_tags()" php-function to 
ensure that html tags
are not going to be executed.

Example:
<?php
  echo htmlspecialchars("<script");
?>

Set "register_globals" to "Off".

Exploitation:
---------------------------
Goto the search query/inputbox and type in following line as searchword:

<script>alert("MajorSecurity")</script>