ID PACKETSTORM:48172 Type packetstorm Reporter LBDT Modified 2006-07-12T00:00:00
Description
`[newangels-team.eu #11] FreeWebshop - Cross Site Scripting & SQL Injection Vulnerabilities
===========================================================================================
Vendor site => http://www.sensesites.com/
Date:
Jun 13 2006
Risk = MEDIUM
Version:
5.0
Credit:
=======
NewAngels Team - Discovered By LBDT - newangels-team.eu
Description:
CommonSense CMS is a Content Management System that is designed for
content-rich websites created for displaying AdSense ads or affiliate
banners. Combined with our prebuilt content collections and auto-update
network, it is a powerful platform for instantly creating profitable and
successful websites.
Affected file:
search.php
There are no filters for special chars like <, >, /, etc., so an attacker can
execute HTML code. Chars like ' and " are replaced by a \, but that's not a
problem for a good attacker, lol...
foreach(explode(" ", $SEARCH) as $t)
{
    $t = ereg_replace("['`]", "", $t);
    $t = ereg_replace("[^a-zA-Z0-9_]", " ", $t);
    if(strlen($t) > 3)
        $queries[] = $t;
}
Example:
http://www.site.com/search.php?q=[XSS]&t=1
Google search -> "Powered by CommonSense CMS script"
`
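One way to close the hole described above, as an added example that is not code from CommonSense CMS or from the advisory. It assumes search.php prints the q parameter back into the results page; render_search_heading and search_terms are hypothetical names, and the sample input is constructed.

```php
<?php
// Added example, not CommonSense CMS code. Assumption: search.php echoes the
// raw q parameter back into the results page. The advisory shows only the
// tokenizer, whose filtering never touches the value that is displayed.

// Hypothetical helper: encode the search term at the point of output.
function render_search_heading(string $search): string
{
    // ENT_QUOTES encodes ' and " so the value is also safe inside attributes;
    // ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning "".
    $safe = htmlspecialchars($search, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<h2>Results for "' . $safe . '"</h2>';
}

// The advisory's tokenizer, ported from ereg_replace() (removed in PHP 7)
// to preg_replace() with the same character classes.
function search_terms(string $search): array
{
    $queries = [];
    foreach (explode(' ', $search) as $t) {
        $t = preg_replace("/['`]/", '', $t);
        $t = preg_replace('/[^a-zA-Z0-9_]/', ' ', $t);
        if (strlen($t) > 3) {
            $queries[] = $t;
        }
    }
    return $queries;
}

// Constructed sample input containing markup.
$q = '<b onmouseover="x">widgets</b> cheap';

// Tokens used for the lookup have markup characters turned into spaces.
print_r(search_terms($q));

// The heading shows the markup as literal text instead of parsing it.
echo render_search_heading($q), "\n";
```

The tokenizer's filtering protects only the values placed in $queries; any other place that prints $SEARCH needs the same output encoding.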