Type packetstorm
Reporter Nexus
Modified 2007-05-03T00:00:00


                                            ` . . .   
._ | _. .|_ _. _.;_/  
[_)|(_]\_|[ )(_](_.| \.net  
| ._|   
"SineCms Version 2.3.4 - Non-Persistent XSS Vulnerability"  
by Nexus  
1) Infos  
Date : 2007-04-26 (ISO 8601)  
Product : SineCms  
Version : 2.3.4 (last), prior versions may also be affected  
Vendor : -  
Vendor Status : 2007-04-26 - Informed!  
Description : SineCms is a management software for international communication   
based on hypertext.  
Google Dork : "SineCms Version: 2.3.4"  
Source : nexus  
E-mail : nexus[at]playhack[dot]net  
Team : Security  
2) Security Issues  
The core module for Search engine is affected by a Non-Persistent Cross-Site Scripting  
The source in "mods/Core/result.php" doesn't properly sanitize the input of the user  
and just get the submitted text without any previous check on the content.  
The affected variable is $_GET['stringa'], as a matter of fact if we try to insert a  
string like:  
The website will retrieve an url like:  
And it executes the JavaScript code.  
The script makes only a check on apex, that can be simply avoided executing for   
example a remote script like  
"><script src=></script>  
It's easy to guess that this kind of vulnerability can be used to accomplish some  
Phishing attacks, or whatever can be disfruted from an XSS flaw.  
3) Patch  
Edit the core source code and sanitize properly the inputted data.