drakeCMS.txt

06 Nov 2006 00:00:00 | Reported by CorryL | Type: packetstorm | Source: packetstormsecurity.com

Drake CMS V. 0.2, a dynamic web authoring and content management system, with XSS and full path disclosure vulnerabilities

`  
-=[--------------------ADVISORY-------------------]=-  
  
Drake CMS V. 0.2  
  
Author: CorryL x0n3-h4ck.org  
-=[----------------------------------------------------]=-  
  
  
-=[+] Application: Drake CMS  
-=[+] Version: 0.2  
-=[+] Vendor's URL: https://sourceforge.net/projects/drakecms/  
-=[+] Platform: Windows\Linux\Unix  
-=[+] Bug type: XSS, Full Path Disclosure  
-=[+] Exploitation: Remote/Local  
-=[-]  
-=[+] Author: CorryL ~ corryl80[at]gmail[dot]com ~  
-=[+] Reference: www.x0n3-h4ck.org  
-=[+] Virtual Office: http://www.kasamba.com/CorryL  
  
..::[ Description ]::..  
  
Drake CMS is a dynamic web authoring and content management system; it can be installed in a few minutes, almost all databases are supported plus an embedded flat file database. Its top features are security, speed, easy management and high customization.  
  
  
..::[ Bug ]::..  
  
This CMS is affected by a cross-site scripting (XSS) bug and  
a full path disclosure; a remote attacker is able to exploit these  
vulnerabilities to obtain sensitive information.  
  
  
..::[ Proof Of Concept ]::..  
  
1°) Cross-site scripting (XSS) bug on  
/index.php?option=contact&Itemid=10&task=category&id=<ScRiPt%20%0a%0d>alert(764606807)%3B</ScRiPt>  
  
2°) Full path disclosure on  
/classes/simplecaptcha/captcha.png.php  
  
  
..::[ Workaround ]::..  
  
https://sourceforge.net/projects/drakecms/  
  
..::[ Disclosure Timeline ]::..  
  
[01/11/2006] - Vendor notification  
[01/11/2006] - Vendor Response  
[04/11/2006] - Public disclosure  
  
  
  
`
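
A defender-side check for the two request patterns in the proof of concept, as an added example that is not part of the original advisory: it classifies request targets taken from a web access log. The function name, finding labels and sample requests are constructed for illustration, and treating `id` as a numeric record id is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample request targets (not taken from real logs).
SAMPLE_REQUESTS = [
    "/index.php?option=contact&Itemid=10&task=category&id=3",
    "/index.php?option=contact&Itemid=10&task=category"
    "&id=<ScRiPt%20%0a%0d>alert(764606807)%3B</ScRiPt>",
    "/classes/simplecaptcha/captcha.png.php",
    "/index.php?option=content&Itemid=2",
]

# Markup characters or the word "script" in a decoded value, any letter case.
MARKUP = re.compile(r"[<>\"']|script", re.IGNORECASE)
CAPTCHA_PATH = "/classes/simplecaptcha/captcha.png.php"


def classify(target):
    """Return a list of findings for one request target (path plus query)."""
    parts = urlsplit(target)
    path = parts.path.lower()
    findings = []
    # The advisory lists this script as the path-disclosure location. It is
    # tagged for review only: this sketch cannot tell whether the request
    # came from normal form rendering (assumption).
    if path == CAPTCHA_PATH:
        findings.append("captcha-script-request")
    # parse_qs percent-decodes values, so %0a%0d and %3B are matched decoded.
    params = parse_qs(parts.query, keep_blank_values=True)
    if path.endswith("/index.php") and "contact" in params.get("option", []):
        for value in params.get("id", []):
            if MARKUP.search(value):
                findings.append("markup-in-id")
            elif not value.isdigit():  # assumption: id is a numeric record id
                findings.append("non-numeric-id")
    return findings


if __name__ == "__main__":
    for request in SAMPLE_REQUESTS:
        print(classify(request), request)
```
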
