SecurityvulnsSECURITYVULNS:DOC:11554[KAPDA::#27] - Runcms 1.x Cross_Site_Scripting vulnerability
[KAPDA::#27] - Runcms 1.x Cross_Site_Scripting vulnerability
KAPDA New advisory
Vulnerable products : Runcms 1.x
Vendor: www.runcms.org
Risk: Low
Vulnerabilities: Cross_Site_Scripting
Discoverd by Roozbeh Afrasiabi
roozbeh[at]yahoo[dot]com
www.kapda.ir
www.persiax.com
Date :
Found : Jan 28 2006
Vendor Contacted : N/A
About :
"Runcms Includes most things a webmaster would expect from a cms: downloads,links, tutorials section, polls,
forums, news, faq, contact form,rss feeds,file uploads, blogging via xml-rpc, & more. Possibility to manage
users as groups with module/block specific access permissions, and extend functioality via 3rd party module
plug-ins. Has a simple yet good themability.
Easy enough to use for users, while staying simple enough to extend & customize for coders." (from
runcms.org)
Vulnerability:
Cross_Site_Scripting :
RUNCMS is affected by a cross-site scripting vulnerability. This issue is due to the failure of the
application to properly sanitize user-
supplied input.
As a result of this vulnerability, it is possible for a remote attacker to create a malicious link
containing script code that will be executed in the browser of an unsuspecting user when followed.
Detail and PoC :
The application does not validate the "lid" variable upon submission
to ratefile.php.
h**p://[target]/public/modules/downloads/ratefile.php?lid={number}">[code]
Solution :
N/A
Original Advisory :
http://kapda.ir/advisory-267.html
Especial thanks to:
All KAPDA members
Credit :
Discoverd by Roozbeh Afrasiabi
roozbeh_afrasiabi[at]yahoo[dot]com
www.kapda.ir
www.persiax.com