Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:17776
HistoryAug 14, 2007 - 12:00 a.m.

eXV2.de Browser Cookie is not properly sanitised

2007-08-1400:00:00
vulners.com
76
JSON

Details

Product: eXV2.de CMS <= 2.0.5.
Severity: moderated
Remote-Exploit: yes
Vendor-URL: http://www.exv2.de/
Vendor-Status: informed
Advisory-Status: published

Credits

Discovered by: Vision aka n-tier
http://www.i-s-o.org

Original Advisory:

http://www.i-s-o.org/security.txt

Introduction

eXV2.de CMS is a Content Management System.

More Details

  1. Cross Site Scripting:
    Input passed directly to the "set_lang" parameter in the Browser Cookie is not properly sanitised before being returned to the user.
    A user can sent a cookie to himself with ?/set_lang=deutsch and edit it.
    This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Workaround: [Cross Site Scripting]

Edit the source code to ensure that input is properly sanitised.

Example:

$my_Cookie_Vars = $_COOKIE;

if (isset($my_Cookie_Vars['set_lang'])){
if (($my_Cookie_Vars['set_lang'] == "deutsch")||($my_Cookie_Vars['set_lang'] == "english")||($my_Cookie_Vars['set_lang'] == "french")) {
} else {
$abuse = true;
$xoopsConfig['language'] = $xoopsConfig['default_language'];
}
}

if ($abuse){
die("The desired action could not be performed.");
}

History/Timeline

7.08.2007 discovery of the vulnerabilities
8.08.2007 additional tests with other versions
10.08.2007 contacted the vendor

JSON