[UNIX] Travelsized CMS Multiple Cross Site Scripting Issues
- From: SecuriTeam <support@xxxxxxxxxxxxxx>
- Date: 20 Nov 2006 13:27:58 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
Travelsized CMS Multiple Cross Site Scripting Issues
------------------------------------------------------------------------
SUMMARY
<http://leinir.dk/travelsized/> Travelsized CMS is "a content management
system made only using PHP". Multiple cross site scripting vulnerabilities
have been found in the Travelsized product.
DETAILS
Vulnerable Systems:
* Travelsized CMS version 0.4.1 and prior
Cross Site Scripting:
Input passed directly to the "page", "page_id" and "language" parameter in
"index.php" is not properly sanitized before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a
user's browser session in context of an affected site.
Solution:
Edit the source code to ensure that input is properly sanitized. You
should work with "htmlspecialchars()" or "htmlentities()" php-function to
ensure that HTML tags are not going to be executed. Further it is
recommend to set off the "register globals" option in the "php.ini" on
your webserver.
Example:
$pass = htmlentities($_POST['pass']);
$test = htmlspecialchars($_GET('test'));
?>
History/Timeline:
09.11.2006 discovery of the vulnerabilities
10.11.2006 additional tests with other versions
11.11.2006 contacted the vendor
18.11.2006 advisory is written
18.11.2006 advisory released
ADDITIONAL INFORMATION
The information has been provided by David Vieira-Kurz.
The original article can be found at:
<http://www.majorsecurity.de/index_2.php?major_rls=major_rls35>
http://www.majorsecurity.de/index_2.php?major_rls=major_rls35
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@xxxxxxxxxxxxxx
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@xxxxxxxxxxxxxx
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Prev by Date: [UNIX] dev4u CMS Multiple SQL Injection and Cross Site Scripting Issues
- Next by Date: [UNIX] iodine Client Buffer Overflow (handshake())
- Previous by thread: [UNIX] dev4u CMS Multiple SQL Injection and Cross Site Scripting Issues
- Next by thread: [UNIX] iodine Client Buffer Overflow (handshake())
- Index(es):
Relevant Pages
|
