by r0t,der4444,cembo,VietMafia

Sunday, December 18, 2005

Magnolia XSS vuln.

Vuln. discovered by: r0t
Date: 18 Dec. 2005
Vendor: http://www.magnolia.info
Affected version: 2.1 and prior

Product Description:

Magnolia is the free, open source, J2EE deployable content management system (CMS) developed by obinary. Magnolia is written in Java and uses the upcoming standard API for Java-based content repositories (JCR) to access its content. It has an easy to use web-browser interface, a clear API and a useful custom tag library for easy templating in JSP and Servlets.
Magnolia is the first open-source content-management system (CMS) which has been built from scratch to support the upcoming standard API for Java content repositories (JCR).
Its main goal is ease of use for all parties involved in running a CMS.
Magnolia is distributed as a double-clickable binary installer. It includes everything you need to get started with a standalone installation in less than 10 minutes. Magnolia runs on all common operating systems (JDK 1.4.1 or later required). No additional software or databases are needed.
Magnolia Content Management features a very flexible structure, platform-independence through the use of Java and XML, a simple to use API, easy templating through the use of JSP, JSTL and a custom tag library, automatic administrative UI generation, transparent and uniform data access to multiple data repositories, easy configuration through XML, easy application integration and easy deployment with professional staging on any J2EE Server.
Magnolia is actively being developed by obinary. It is available free of charge as an open source product. We provide a binary download based on tomcat for easy deployment on Mac OS X, Windows, Linux and Solaris.


Vuln. Description:

Magnolia contains a flaw that allows a remote cross site scripting attack. The flaw exists because input passed to the "query" parameter of search.html isn't properly sanitised before being returned to the user in the response page.
This could allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

example:

/search.html?query=[XSS]

Solution:
Edit the source code to ensure that input is properly sanitised.
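The following is an added illustration, not Magnolia's own code (the CMS is Java/JSP; the reflection is modelled here in Python). It shows the search page echoing the "query" parameter verbatim, the same page with the value HTML-encoded before it is written into text and attribute context, and a small check over constructed access-log lines that flags search requests whose decoded query contains HTML markup characters. The log format and sample lines are assumptions for the example.

```python
import html
import re
from urllib.parse import urlsplit, parse_qs

# Constructed model of a search page that reflects "query" into both an
# element body and an attribute value (illustrative, not Magnolia's template).
PAGE_TEMPLATE = ('<html><body><h1>Search results for: {q}</h1>'
                 '<input name="query" value="{q}"></body></html>')

def render_search_vulnerable(query: str) -> str:
    """Echoes the parameter unmodified: the behaviour the advisory describes."""
    return PAGE_TEMPLATE.format(q=query)

def render_search_fixed(query: str) -> str:
    """Encodes <, >, &, " and ' so the value can neither open a tag nor
    break out of the quoted attribute."""
    return PAGE_TEMPLATE.format(q=html.escape(query, quote=True))

# Request-line path extractor for a common-log-format line (assumed format).
REQUEST_PATH = re.compile(r'"[A-Z]+ (\S+) HTTP/')
# A literal '<' or '>' in a decoded search term is worth a second look.
MARKUP_CHARS = re.compile(r"[<>]")

def query_from_path(path: str) -> str:
    """Return the URL-decoded value of the "query" parameter, or ''."""
    params = parse_qs(urlsplit(path).query, keep_blank_values=True)
    return params.get("query", [""])[0]

def flag_suspicious_requests(log_lines):
    """Return request paths to /search.html whose decoded query carries markup."""
    hits = []
    for line in log_lines:
        m = REQUEST_PATH.search(line)
        if not m:
            continue
        path = m.group(1)
        if path.startswith("/search.html") and MARKUP_CHARS.search(query_from_path(path)):
            hits.append(path)
    return hits

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [18/Dec/2005:10:00:00 +0000] "GET /search.html?query=magnolia HTTP/1.1" 200 5120',
    '10.0.0.7 - - [18/Dec/2005:10:00:04 +0000] "GET /search.html?query=%3Cb%3Etest%3C%2Fb%3E HTTP/1.1" 200 5142',
    '10.0.0.9 - - [18/Dec/2005:10:00:09 +0000] "GET /index.html HTTP/1.1" 200 2048',
]
```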

Copyright (c) 2006 Pridels Sec Crew