by r0t,der4444,cembo,VietMafia

Saturday, December 17, 2005

AWF (Adaptive Website Framework) vuln.

AWF (Adaptive Website Framework) vuln.

Vuln. discovered by : r0t
Date: 17 dec. 2005
vendor:http://www.awf-cms.org
affected version:2.10 and prior

Product Description:

AWF (Adaptive Website Framework) by Liquid Bytes is a Web framework, CMS, Web portal, news system, online community, etc. Its purpose is to simplify Web site creation and present content efficiently. It features design/content separation, multiple designs (themes), personalized page layout, a WYSIWYG editor, a package installer for adding new features with just one click, user/group-management, messaging/community modules, access protection of single pages or site sections, efficient caching, easy to use API functions, export options for documents, the ability to integrate Unix shell scripts or embed PHP code, and support for nearly unlimited languages, documents, and users.



Vuln. Description:

1. XSS
AWF contains a flaw that allows a remote cross site scripting attack. This flaw exists because input passed to "page" paremter isn't properly sanitised before being returned to the user.
This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

2. full path
AWF does not verify user input supplied to the "mode" paremter. A malicious person can exploit this to gain knowledge of the full path to the installation directory by sending a HTTP request including invalid input to those paremters.

examples:

/community/account.html?page=[XSS]
/community.html?mode=x

Solution:
Edit the source code to ensure that input is properly sanitised.

1 Comments:

Anonymous Michael Mayer told...

Thanks for your help with finding security bugs. They are fixed now :)

12:44 PM

 

Post a Comment

<< Home

 
Copyright (c) 2006 Pridels Sec Crew