by r0t, der4444, cembo, VietMafia

Saturday, December 17, 2005

e-publish CMS vuln.

Vuln. discovered by: r0t
Date: 17 Dec. 2005
Vendor: http://www.e-publish.gr/
Affected version: v2.0 and prior

Product Description:

The e-publish web application is a content management system that is perfect for publishing newspapers, magazines or any other content over the Internet. It is very convenient to manage the contents of the site in an easy and quick way through the administration module. No special knowledge is required. e-publish integrates with a banner campaign utility. Through this service the site owner can administer any advertising banner campaign in the site. Available also in a multilingual edition.

Vuln. Description:

1. SQL injection

e-publish contains a flaw that allows remote SQL injection attacks. Input passed to the "id" parameter in "printer_friendly.cfm" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

2. XSS

e-publish contains a flaw that allows a remote cross-site scripting attack. This flaw exists because input passed to the "obcatid" and "comid" parameters isn't properly sanitised before being returned to the user.
This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

examples:

/printer_friendly.cfm?id=[SQL]

/show.cfm?id=274&obcatid=10[XSS]

/show.cfm?id=279&how=5&obcatid=9&shfrm=1&comid=[XSS]

Solution:
Edit the source code to ensure that input is properly sanitised.
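To make that one-line solution concrete, here is an added ColdFusion example (not the vendor's code; the datasource, table and column names, and the assumption that "id" and "obcatid" are numeric while "comid" is free text, are mine) showing the vulnerable pattern the advisory describes beside a hardened version: "id" is validated and bound with cfqueryparam, and every reflected value is HTML-encoded with HTMLEditFormat() before output.

```cfml
<!--- Added example, not the e-publish source. Datasource "epublish",
      table "articles" and its columns are assumed names.

      BEFORE (kept inside this comment so the file is safe to run): the
      pattern the advisory describes. url.id is concatenated straight into
      the SQL text, and obcatid/comid are echoed back unencoded.

      <cfquery name="getArticle" datasource="epublish">
          SELECT id, title, body FROM articles WHERE id = #url.id#
      </cfquery>
      <cfoutput>Category: #url.obcatid# Comment: #url.comid#</cfoutput>
--->

<!--- AFTER: hardened handling of the same three parameters. --->

<!--- Reject anything that is not an integer before it reaches the query.
      cfparam with type="integer" throws when validation fails; the
      cfcatch turns that into a plain 400 instead of a stack trace. --->
<cftry>
    <cfparam name="url.id" type="integer">
    <cfparam name="url.obcatid" type="integer" default="0">
    <cfparam name="url.comid" type="string" default="">
    <cfcatch type="any">
        <cfheader statuscode="400" statustext="Bad Request">
        <cfoutput>Invalid request.</cfoutput>
        <cfabort>
    </cfcatch>
</cftry>

<!--- Bind id as a typed query parameter. The value travels to the
      database separately from the SQL text, so it is never parsed as SQL. --->
<cfquery name="getArticle" datasource="epublish">
    SELECT id, title, body
    FROM articles
    WHERE id = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">
</cfquery>

<!--- Encode every value echoed into the page. obcatid has already passed
      the integer check; comid is free text, so encoding is its only
      defence, and encoding on output is the rule for both. --->
<cfoutput>
    Category: #HTMLEditFormat(url.obcatid)#
    Comment: #HTMLEditFormat(url.comid)#
</cfoutput>
```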

Copyright (c) 2006 Pridels Sec Crew