by r0t, der4444, cembo, VietMafia

Wednesday, December 21, 2005

Redakto WCMS multiple XSS vuln.

Vuln. discovered by: r0t
Date: 21 Dec. 2005
Vendor: http://computeroil.com/
Affected version: 3.2 and prior

Product Description:

With our Content Management System Redakto, you and your team can easily maintain, organize and design your web presentation. No coding skills or alike are needed to get you up and running. Still you will get all the flexibility to adjust your website to your needs.
Within minutes you will be able to start filling your content, insert images, documents, import your Word/Excel Files, generate multilingual websites and much more. Redakto offers you an intuitive and easy to use User interface and can be used with every browser.


Vuln. Description:

Redakto WCMS contains a flaw that allows a remote cross-site scripting attack. This flaw exists because input passed to the "iid"/"iid2", "lang", "r", "cart", "str", "nf", "a" and search module parameters isn't properly sanitised before being returned to the user.
This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Examples:

/index.tpl?iid=[XSS]

/index.tpl?iid=l3a1b3&lang=[XSS]

/index.tpl?iid=l3a1b3&lang=1&iid2=[XSS]

/index.tpl?iid=l3a1b3&lang=1&iid2=3&r=[XSS]

/index.tpl?iid=l093a1b1&lang=1&iid2=[iid2]&r=[r]&cart=[XSS]

/index.tpl?iid=l093a1b1&lang=1&iid2=[iid2]&r=[r]&cart=11351542306899006&str=[XSS]

/index.tpl?a=search_adv&cart=11351544339319101&lang=1&iid=13&nf=[XSS]

/index.tpl?a=[XSS]

Solution:
Edit the source code to ensure that input is properly sanitised.
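
One way to apply this fix, shown as an added example that is not part of the original advisory and not Redakto's own code: allow-list each affected parameter on input, then HTML-encode anything that is written back into the page. The parameter formats, the length limits and the function names (`clean_params`, `encode_for_html`, `render_search_echo`) are assumptions inferred from the example URLs above.

```python
import html
import re
from urllib.parse import parse_qs

# Allow-list pattern per parameter. These formats are assumptions inferred from
# the example URLs in the advisory, not Redakto's documented grammar.
ALLOWED = {
    "iid": re.compile(r"[A-Za-z0-9]{1,32}"),
    "iid2": re.compile(r"[A-Za-z0-9]{1,32}"),
    "lang": re.compile(r"[0-9]{1,3}"),
    "r": re.compile(r"[A-Za-z0-9]{1,32}"),
    "cart": re.compile(r"[0-9]{1,32}"),
    "a": re.compile(r"[a-z_]{1,32}"),
}
# Free-text parameters cannot be allow-listed, so they are only length-limited
# (assumed limit) and must always be encoded on output.
FREE_TEXT = {"str": 200, "nf": 200}


def clean_params(query_string):
    """Return (accepted, rejected): validated values and names that failed."""
    accepted, rejected = {}, []
    for name, values in parse_qs(query_string, keep_blank_values=True).items():
        value = values[0]
        if name in ALLOWED:
            if ALLOWED[name].fullmatch(value):
                accepted[name] = value
            else:
                rejected.append(name)
        elif name in FREE_TEXT:
            accepted[name] = value[: FREE_TEXT[name]]
        else:
            rejected.append(name)  # unknown parameter: never reflected
    return accepted, sorted(rejected)


def encode_for_html(value):
    """Encode a value for an HTML text node or a double-quoted attribute."""
    return html.escape(value, quote=True)


def render_search_echo(query_string):
    """Build a 'results for' fragment from validated, encoded input only."""
    accepted, _ = clean_params(query_string)
    term = encode_for_html(accepted.get("str", ""))
    lang = encode_for_html(accepted.get("lang", "1"))
    return f'<p data-lang="{lang}">Results for: {term}</p>'
```

Validation alone is not enough for `str` and `nf`, which carry free text, so the encoding step at the point of output is what stops the value from being interpreted as markup.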

Copyright (c) 2006 Pridels Sec Crew