by r0t, der4444, cembo, VietMafia

Saturday, December 17, 2005

Caravel CMS XSS


Vuln. discovered by: r0t
Date: 17 Dec. 2005
Vendor: http://caravelcms.org/
Affected version: 3.0 Beta 1 and prior


Product Description:

Caravel is an open source, enterprise-grade CMS targeted at large distributed non-profits, denominations, universities, K12 districts, ISPs, municipalities and businesses. It offers WYSIWYG browser-based site editing on Mac, PC and Linux, scales to thousands of sites, and offers specialty features such as dynamic site generation, default site inheritance, project management, draggable columns and content blocks, Apache integration, and more.


Vuln. Description:

Caravel contains a flaw that allows a remote cross-site scripting attack. The flaw exists because input passed to the "fileDN" and "folderviewer_attrs" parameters of multiple pages is not properly sanitised before being returned to the user.
This allows an attacker to craft a URL that, when followed by a victim, executes arbitrary script in the victim's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Some examples (where [XSS] stands for the injected script; the URL-encoded fileDN values decode to LDAP-style DNs such as mnF=june2005.html,mnOD=Newsletter,mnOD=My Documents,dc=emanuel,dc=mennonite,dc=net):

/Introduction?&CB=CB1&fileDN=[XSS]

/Community/News?&CB=CB1&fileDN=[XSS]

/Community/News?&CB=CB1&fileDN=mnF%3Djune2005.html%2CmnOD%3DNewsletter%2CmnOD%3DMy%20Documents%2Cdc%3Demanuel%2Cdc%3Dmennonite%2Cdc%3Dnet&folderviewer_attrs=[XSS]

/Introduction?&CB=CB1&fileDN=mnF%3D2.3.html%2CmnOD%3DNews%2CmnOD%3DMy%20Documents%2Cdc%3Demanuel%2Cdc%3Dmennonite%2Cdc%3Dnet&folderviewer_attrs=[XSS]


Solution:
Edit the source code so that the affected parameters are HTML-entity-encoded at the point where they are written back into the page (and, as a second layer, validated against the name=value,name=value DN format the application expects before they reach any template).
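The flaw described above and the fix the Solution section calls for, as an added example that is not code from the original post or from Caravel itself. The markup, the request URL and the "><script> probe are constructed here in Python for illustration: render_vulnerable echoes both parameters verbatim, render_hardened HTML-entity-encodes them at output, and is_wellformed_dn is a hypothetical allow-list for fileDN based only on the decoded DNs visible in the advisory.

```python
import re
from html import escape
from urllib.parse import parse_qs, urlsplit

# Constructed request modelled on the advisory's third example. The
# folderviewer_attrs value is a hypothetical reflected-XSS probe standing in
# for the advisory's "[XSS]" placeholder; it is not a payload from the page.
SAMPLE_URL = (
    "/Community/News?&CB=CB1"
    "&fileDN=mnF%3Djune2005.html%2CmnOD%3DNewsletter%2CmnOD%3DMy%20Documents"
    "%2Cdc%3Demanuel%2Cdc%3Dmennonite%2Cdc%3Dnet"
    "&folderviewer_attrs=%22%3E%3Cscript%3Ealert(1)%3C%2Fscript%3E"
)

# Hypothetical allow-list for fileDN: a comma-separated list of name=value
# pairs, which is what the advisory's decoded examples (mnF=..., mnOD=...,
# dc=...) look like. A real deployment would take this grammar from the
# application's own DN handling rather than from this guess.
DN_RE = re.compile(r"^[A-Za-z]+=[\w .-]+(?:,[A-Za-z]+=[\w .-]+)*$")


def parse_request(url):
    """Extract the two parameters the folder viewer reads from a request URL."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return {
        "fileDN": query.get("fileDN", [""])[0],
        "folderviewer_attrs": query.get("folderviewer_attrs", [""])[0],
    }


def render_vulnerable(params):
    """Reconstruction of the flaw (hypothetical markup, not Caravel's): both
    parameters are written back into the page verbatim, so any markup in them
    becomes part of the document the victim's browser renders."""
    return (
        '<div class="folderviewer" {attrs}>'
        '<input type="hidden" name="fileDN" value="{dn}">'
        "</div>"
    ).format(attrs=params["folderviewer_attrs"], dn=params["fileDN"])


def render_hardened(params):
    """Same page with output encoding: every parameter is HTML-entity-encoded
    at the point it is emitted. quote=True also encodes the double quote,
    which matters because both values land inside attribute contexts."""
    attrs = escape(params["folderviewer_attrs"], quote=True)
    dn = escape(params["fileDN"], quote=True)
    return (
        '<div class="folderviewer" data-attrs="{attrs}">'
        '<input type="hidden" name="fileDN" value="{dn}">'
        "</div>"
    ).format(attrs=attrs, dn=dn)


def is_wellformed_dn(value):
    """Optional second layer: reject fileDN values that do not match the
    name=value,name=value shape before they reach any template at all."""
    return DN_RE.fullmatch(value) is not None


def contains_tag(html_fragment, tag="script"):
    """Crude check used to compare the two renderings: does a live <tag>
    open anywhere in the fragment?"""
    return f"<{tag}" in html_fragment.lower()


if __name__ == "__main__":
    p = parse_request(SAMPLE_URL)
    print("decoded fileDN:    ", p["fileDN"])
    print("fileDN well-formed:", is_wellformed_dn(p["fileDN"]))
    print("vulnerable:        ", render_vulnerable(p))
    print("hardened:          ", render_hardened(p))
```

Run it and compare the two renderings: the probe survives as a live <script> element in the vulnerable output and is reduced to inert text (&lt;script&gt;) in the hardened one. Encoding at output is the fix that actually closes the hole; the DN allow-list only narrows what can reach the template and is no substitute for it.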

1 Comment:

Anonymous fantasy football player rankings told...

Keep up the good work with your blog! I am booking marking it now so I can come back...

Thanks,

fantasy football player rankings

11:44 PM

 

Copyright (c) 2006 Pridels Sec Crew