Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:13085
HistoryJun 11, 2006 - 12:00 a.m.

[MajorSecurity #11]OpenCMS<= 6.2.1 - XSS

2006-06-1100:00:00
vulners.com
55

[MajorSecurity #11]OpenCMS<= 6.2.1 - XSS

Software: OpenCMS

Version: <=6.2.1

Type: Cross site scripting

Date: June, 10th 2006

Vendor: Alkacon Software GmbH

Page: http://www.alkacon.com
http://www.opencms.org/opencms/en/

Credits:

Discovered by: David "Aesthetico" Vieira-Kurz
http://www.majorsecurity.de

Original Advisory:

http://www.majorsecurity.de/advisory/major_rls11.txt

Affected Products:

OpenCMS 6.2.1 and prior

Description:

OpenCms is a professional level Open Source Website Content Management System.

Requirements:

register_globals = On

Vulnerability:

Input passed to the search inputbox/query is not properly verified.
This can be exploited to accomplish cross site sctipting attacks.

Solution:

Edit the source code to ensure that input is properly sanitised.
You should work with "htmlspecialchars()" or "strip_tags()" php-function to ensure that html tags
are not going to be executed.

Example:
<?php
echo htmlspecialchars("<script");
?>

Set "register_globals" to "Off".

Exploitation:

Goto the search query/inputbox and type in following line as searchword:

<script>alert("MajorSecurity")</script>