by r0t,der4444,cembo,VietMafia

Saturday, December 17, 2005

Amaxus vuln.

Vuln. discovered by: r0t
Date: 17 Dec. 2005
Vendor: http://www.boxuk.com/
Affected version: 3 and prior

About Amaxus

Amaxus is Box UK's XML Content Management System, currently delivering hundreds of thousands of documents for a wide variety of organisations.

Amaxus drives the websites for:

* An organisation with 42,000 employees
* A £1.4billion security company
* An organisation with over 60,000 images
* The largest maritime museum in the world
* A 100-million album selling band
* The most famous war museum in the world
* A Central-Government department
* 7000 NHS users (Intranet)
* A Government education site with 20,000 registered users
* A site which receives 2.8 million unique users a year
* A site which has won two prestigious accessibility awards
* The home of Greenwich Mean Time
* An NHS Strategic Health Authority serving 1.4 million people

Amaxus:

* Was recently chosen out of 150 other CMS providers by the Government
* Beat off 123 other companies in an OJEC (European Union) tender

Vuln. Description:

Amaxus contains a flaw that allows a remote cross-site scripting attack. The flaw exists because input passed to the "change" parameter isn't properly sanitised before being returned to the user.
This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.



example:

/?search_word=&search.x=20&search.y=4&change=[XSS]


bonus:)

/?search_word=&search.x=20&search.y=4&change=../

Solution:
Edit the source code to ensure that input is properly sanitised.
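
Added example, not part of the original advisory and not the vendor's code: one way to apply the fix above to the "change" parameter, with an allowlist check on input and HTML encoding on output. It assumes "change" is reflected into HTML and that legitimate values are short identifiers; the function names and the allowlist pattern are hypothetical, and the sample values are constructed.

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: legitimate `change` values are short identifiers. Replace the
# pattern with whatever the application really accepts.
CHANGE_ALLOWED = re.compile(r"[A-Za-z0-9_-]{1,32}")


def raw_change(url):
    """Return the decoded `change` value, or None if absent or repeated."""
    values = parse_qs(urlsplit(url).query, keep_blank_values=True).get("change", [])
    # A repeated parameter is rejected instead of silently picking one copy.
    return values[0] if len(values) == 1 else None


def valid_change(url):
    """Return `change` only when the whole value matches the allowlist."""
    value = raw_change(url)
    # fullmatch: markup characters and path segments such as "../" never pass.
    if value is not None and CHANGE_ALLOWED.fullmatch(value):
        return value
    return None


def render_change(url):
    """Build the HTML fragment that reflects `change` back to the user."""
    value = valid_change(url)
    if value is None:
        # Output encoding is what stops the reflection; it is applied even
        # to a rejected value, with validation as a second layer.
        shown = html.escape(raw_change(url) or "", quote=True)
        return "<p>Invalid value: " + shown + "</p>"
    return '<input name="change" value="' + html.escape(value, quote=True) + '">'


if __name__ == "__main__":
    base = "/?search_word=&search.x=20&search.y=4&change="
    # Constructed sample values; the last one is a harmless markup marker.
    for sample in ("layout_2", "[XSS]", "../", "%22%3E%3Ci%3Econstructed"):
        print(render_change(base + sample))
```

The advisory does not say what the "../" value reaches on the server; the allowlist rejects it along with anything else that is not a plain identifier.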


 
Copyright (c) 2006 Pridels Sec Crew