newangels-11.txt

`[newangels-team.eu #11] FreeWebshop - Cross Site Scripting & SQL Injection Vulnerabilities  
===========================================================================================   
  
Vendor site => http://www.sensesites.com/  
  
Date:  
Jun 13 2006  
  
Risk = MEDIUM  
  
Version:  
5.0  
  
Credit:  
=======  
NewAngels Team - Discovered By LBDT - newangels-team.eu  
  
Description:  
CommonSense CMS is a Content Management System that is designed for  
content-rich websites created for displaying  
AdSense™ ads or affiliate banners. Combined with our prebuilt content  
collections and auto-update network, it is a  
powerful platform for instantly creating profitable and successful websites.  
  
Affected file:  
search.php  
  
There're no filters to special chars like <, >, /, etc. Then an attacker can  
execute html code. Chars  
like ' and " are replaced by a \ but that's not a problem to a good  
attacker, lol...  
  
foreach(explode(" ", $SEARCH) as $t)  
{  
$t = ereg_replace("['`]", "", $t);  
$t = ereg_replace("[^a-zA-Z0-9_]", " ", $t);  
if(strlen($t) > 3)  
$queries[] = $t;  
}  
  
Example:  
http://www.site.com/search.php?q=[XSS]&t=1<http://www.site.com/search.php?q=%5BXSS%5D&t=1>  
  
Google search -> "Powered by CommonSense CMS script"  
`