Saturday, December 17, 2005

contenite XSS vuln.

Vuln. discovered by: r0t
Date: 17 Dec. 2005
Affected version: 0.11 and prior

Product Description:

A CMS that stays out of your way. contenite is an embedded content management system (eCMS) which is simple, powerful, and flexible. Now there are no more excuses not to update the frontpage of your online shop every week or to create a more pleasant looking entry page for your online forum or community site. contenite is simple to set up through a web-based installer. It is simple to run - it only needs PHP, no database. It is powerful because there is a host of content types that are bundled with the system. It is flexible because the set of content types is extensible through a simple, object-oriented programming interface. contenite is not for every site. Its architecture makes it well suited for brochure sites with little interaction and few editors. For the web presence of a small to medium enterprise (SME), it is probably all you'll ever need. contenite is a breeze to add to static pages and works well to add this little extra flexibility to your existing CMS. It doesn't insist to manage complete pages. It just cares for those dynamic pieces within. Of course, it can manage your whole site if you like.

Vuln. Description:

contenite contains a flaw that allows a remote cross-site scripting (XSS) attack. The flaw exists because input passed to the "id" parameter in "home.php" isn't properly sanitised before being returned to the user.
This could allow a user to create a specially crafted URL that would execute arbitrary script code in another user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.



Edit the source code to ensure that input is properly sanitised.
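One way to apply that fix to a reflected "id" parameter, shown as an added example that is not contenite's own code. The function names, the id pattern and the markup are assumptions, since the advisory does not show the source of "home.php".

```php
<?php
declare(strict_types=1);

// Hypothetical helpers: contenite's real handling of "id" is not shown in the advisory.

// The pattern described above: the request value goes back into the page unencoded.
function render_unsafe(string $id): string
{
    return '<div>Showing item ' . $id . '</div>';
}

// Input validation: accept only ids matching an allowlist pattern.
// The pattern (letters, digits, "_" and "-", at most 64 chars) is an assumption.
function clean_id(mixed $raw): ?string
{
    // A query such as ?id[]=x arrives as an array, so reject non-strings first.
    if (!is_string($raw)) {
        return null;
    }
    return preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $raw) === 1 ? $raw : null;
}

// Output encoding for HTML body and quoted-attribute contexts.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened form: validate on the way in, encode on the way out.
function render_safe(array $query): string
{
    $id = clean_id($query['id'] ?? null);
    if ($id === null) {
        return '<p>Invalid id.</p>';
    }
    // Encoding is kept even after validation, so a later loosening of the
    // pattern does not reopen the reflection.
    return '<div id="item-' . h($id) . '">Showing item ' . h($id) . '</div>';
}

// Constructed sample inputs: a valid id, benign markup, an array, a missing id.
$markup = '<b>bold</b>';
echo render_unsafe($markup), PHP_EOL;               // markup reaches the page intact
echo 'Showing item ' . h($markup), PHP_EOL;         // same value, encoded as text
foreach ([['id' => 'news-2005'], ['id' => $markup], ['id' => ['a']], []] as $q) {
    echo render_safe($q), PHP_EOL;
}
```

In a real handler the array passed to `render_safe()` would be `$_GET`, and the rejection branch would also set a 400 status.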


