by r0t, der4444, cembo, VietMafia

Wednesday, December 21, 2005

papaya CMS XSS vuln.

Vuln. discovered by: r0t
Date: 21 Dec. 2005
Vendor: http://www.papaya-cms.com/
Affected version: 4.0.4 and prior

Product Description:

papaya CMS is a content management system and framework designed for individual, mid-sized and enterprise-wide deployments. papaya CMS meets the requirements of large-scale projects and offers extremely short implementation times. Since 2001, papaya CMS has been deployed at high-profile customers such as AGOF (members include AOL, GMX, Bauer, Gruner & Jahr, Web.de, Yahoo Inc., Lycos Inc. etc.), DHL and the Handelsblatt publishing group. papaya is based on proven open-source technologies such as PHP and XSLT/XML and supports relational databases (e.g. MySQL and PostgreSQL). papaya has been open-source software (under the GPL licence) since 2005. papaya Software GmbH delivers website creation and custom application development. More information: www.papaya-cms.com. PLEASE NOTE: The website is only available in German until mid-June 2005. The GUI and the documentation are already available in English. In the meantime, feel free to check http://www.lamparea.org/papaya_software.28.html for a short description or to contact the maintainer of this project for further information.

Vuln. Description:

papaya CMS contains a flaw that allows a remote cross-site scripting attack. The flaw exists because input passed to the "bab[searchfor]" parameter isn't properly sanitised before being returned to the user.
This could allow an attacker to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

example:

/suche.153.html?bab[page]=6&bab[searchfor]=[XSS]

Solution:
Edit the source code to ensure that input is properly sanitised.
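The following is an added illustration of the fix, not papaya CMS source code: a search term read from the nested request parameter `bab[searchfor]` (which PHP exposes as `$_GET['bab']['searchfor']`) is reflected into the search page, first without any encoding and then HTML-encoded at output time. The function names, the markup and the constructed request array are assumptions made for the example.

```php
<?php
// Added example, not papaya CMS code. Names are assumptions.

// PHP parses ?bab[page]=6&bab[searchfor]=term into a nested array.
// Reject non-string values (e.g. bab[searchfor][]=x) instead of echoing them.
function readSearchTerm(array $get): string
{
    $term = $get['bab']['searchfor'] ?? '';
    return is_string($term) ? $term : '';
}

// Vulnerable pattern: the raw term is concatenated into HTML, so any
// markup characters in it are parsed as markup rather than shown as text.
function renderVulnerable(string $term): string
{
    return '<input type="text" name="bab[searchfor]" value="' . $term . '">'
         . '<p>Results for: ' . $term . '</p>';
}

// Hardened pattern: encode for the HTML context at the point of output.
// ENT_QUOTES also encodes single quotes, so the value is safe in either
// attribute quoting style as well as in element content.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

function renderHardened(string $term): string
{
    return '<input type="text" name="bab[searchfor]" value="' . h($term) . '">'
         . '<p>Results for: ' . h($term) . '</p>';
}

// Constructed request mirroring the advisory's example URL shape.
// The term contains a quote and angle brackets, the characters that matter.
$fakeGet = ['bab' => ['page' => '6', 'searchfor' => '"><b>not text</b>']];
$term = readSearchTerm($fakeGet);

// In the first output the quote in the term terminates the value attribute
// early; in the second every special character is an entity.
echo renderVulnerable($term), PHP_EOL;
echo renderHardened($term), PHP_EOL;
```

`htmlspecialchars` is the right tool only for HTML element content and quoted attribute values; a value written into a `<script>` block, an inline event handler or a URL needs the encoding for that context instead. Encoding at output (rather than stripping characters at input) keeps the search term intact for the actual search and applies the same protection to every place the value is echoed.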

1 Comments:

Anonymous said...

Hi,

if you find exploits/bugs, it would be really nice if you would inform the projects...

Thanks a lot & best regards,
papaya Team

4:23 PM

Copyright (c) 2006 Pridels Sec Crew