Lucene search
newangels-11.txt
ποΈΒ 12 Jul 2006Β 00:00:00Reported byΒ LBDTTypeΒ 
Β packetstormπΒ packetstormsecurity.comπΒ 22Β Views
FreeWebshop Vulnerabilities on CommonSense CMS search.php
Show more
`[newangels-team.eu #11] FreeWebshop - Cross Site Scripting & SQL Injection Vulnerabilities
===========================================================================================
Vendor site => http://www.sensesites.com/
Date:
Jun 13 2006
Risk = MEDIUM
Version:
5.0
Credit:
=======
NewAngels Team - Discovered By LBDT - newangels-team.eu
Description:
CommonSense CMS is a Content Management System that is designed for
content-rich websites created for displaying
AdSenseΒ ads or affiliate banners. Combined with our prebuilt content
collections and auto-update network, it is a
powerful platform for instantly creating profitable and successful websites.
Affected file:
search.php
There're no filters to special chars like <, >, /, etc. Then an attacker can
execute html code. Chars
like ' and " are replaced by a \ but that's not a problem to a good
attacker, lol...
foreach(explode(" ", $SEARCH) as $t)
{
$t = ereg_replace("['`]", "", $t);
$t = ereg_replace("[^a-zA-Z0-9_]", " ", $t);
if(strlen($t) > 3)
$queries[] = $t;
}
Example:
http://www.site.com/search.php?q=[XSS]&t=1<http://www.site.com/search.php?q=%5BXSS%5D&t=1>
Google search -> "Powered by CommonSense CMS script"
`
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. ContactΒ us for a demo andΒ discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo12 Jul 2006 00:00Current
7.4High risk
Vulners AI Score7.4