[UNIX] Travelsized CMS Multiple Cross Site Scripting Issues



The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

The SecuriTeam alerts list - Free, Accurate, Independent.

Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html

- - - - - - - - -



Travelsized CMS Multiple Cross Site Scripting Issues
------------------------------------------------------------------------


SUMMARY

<http://leinir.dk/travelsized/> Travelsized CMS is "a content management
system made only using PHP". Multiple cross site scripting vulnerabilities
have been found in the Travelsized product.

DETAILS

Vulnerable Systems:
* Travelsized CMS version 0.4.1 and prior

Cross Site Scripting:
Input passed directly to the "page", "page_id" and "language" parameter in
"index.php" is not properly sanitized before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a
user's browser session in context of an affected site.

Solution:
Edit the source code to ensure that input is properly sanitized. You
should work with "htmlspecialchars()" or "htmlentities()" php-function to
ensure that HTML tags are not going to be executed. Further it is
recommend to set off the "register globals" option in the "php.ini" on
your webserver.

Example:
$pass = htmlentities($_POST['pass']);
$test = htmlspecialchars($_GET('test'));
?>

History/Timeline:
09.11.2006 discovery of the vulnerabilities
10.11.2006 additional tests with other versions
11.11.2006 contacted the vendor
18.11.2006 advisory is written
18.11.2006 advisory released


ADDITIONAL INFORMATION

The information has been provided by David Vieira-Kurz.
The original article can be found at:
<http://www.majorsecurity.de/index_2.php?major_rls=major_rls35>
http://www.majorsecurity.de/index_2.php?major_rls=major_rls35



========================================


This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@xxxxxxxxxxxxxx
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@xxxxxxxxxxxxxx


====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.



Relevant Pages

  • [NEWS] Openfire Multiple Vulnerabilities
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Openfire Multiple Vulnerabilities ...
    (Securiteam)
  • [UNIX] Gregarius XSS and SQL Injection Vulnerabilities
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Gregarius XSS and SQL Injection Vulnerabilities ... The following URL can used to trigger a cross site scripting vulnerability ...
    (Securiteam)
  • [NEWS] FishCart SQL Injection and Cross Site Scripting Vulnerabilities
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... FishCart has been tested on ... cross site scripting vulnerabilities. ... The following two pages contain exploitable SQL injection vulnerabilities, ...
    (Securiteam)
  • [UNIX] Multiple Vulnerabilities MetaDot Portal Server
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... SQL Injection: ... query he can cause an error message to execute script into an unsuspecting ... users browser thus causing a Cross Site Scripting attack. ...
    (Securiteam)
  • [UNIX] Multiple Vulnerabilities in Tutos (Cross Site Scripting, Path Disclosure, SQL Injection)
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Cross Site Scripting: ... Multiple exploitable pages were found in Tutos that cause script execution ... These vulnerabilities would allow a remote user to determine the full path ...
    (Securiteam)