Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:12717
HistoryMay 18, 2006 - 12:00 a.m.

[Full-disclosure] Multiple Vulns in Bitrix CMS

2006-05-1800:00:00
vulners.com
52
JSON

Multiple Vulns in Bitrix CMS
Vendor bitrix.com
Version The latest one (4.1.x)
Severity Medium
Patched: No

Multiple vulnerabilities discovered in Bitrix CMS. A remote attacker can conduct XSS attacks and compromise
vulnerable system.

  1.  A remote attacker can get information about version history and latest installed version of Bitrix

CMS by viewing the /bitrix/updates/updater.log file.
Ex: http://www.bitrix.ru/bitrix/updates/updater.log
2. XSS vulnerability exists in handling of redirects in the auth form (and possibly other forms) during
HTTP POST request. Remote user can set the back_url hidden field to remote site and redirect victim to a
malicious Web page.
3. Script injection vulnerability exists in administrative interface in handling of HTML strings.
Ex: &quot;&gt;&lt;script&gt;alert('XSS')&lt;/script&gt; will be interpreted as "><script>alert('XSS')
</script> and executed. (tested with mozilla firefox)
4. Vulnerability exists in the Update functionality of Bitrix CMS. Remote attacker can poison DNS cache
of victims system and force it to connect to a malicious Web server. Bitrix update client does not even try
to validate the server it connects to. A remote attacker can get md5 hash of the Key product, detailed
information about the system and install and later execute malicious PHP scripts.

Gogi The Georgian

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

JSON