rmsoft-xss.txt

`##########################################  
RMSOFT Downloads Plus two scripts two variables XSS  
Vendor url:http://www.xoops-mexico.net/  
Advisore:http://lostmon.blogspot.com/2008/08/  
rmsoft-downloads-plus-two-scripts-two.html  
Vendor notify:no exploits availables:yes  
##########################################  
  
  
RMSOFT Downloads Plus is a download php/Mysql script  
module for multiple CMS Systems like Xoops,e-xoops,bcoos and  
impressCMS and probably in all CMS based in Xoops code.  
  
RMSOFT Downloads Plus contains a flaw that allows a remote  
cross site scripting attack.This flaw exists because  
the application does not validate 'key' variable upon  
submission to search.php script and 'id' variable upon  
submision to down.php script in module. This could allow  
a user to create a specially crafted URL that would execute  
arbitrary code in a user's browser within the trust  
relationship between the browser and the server,  
leading loss ofintegrity.  
  
##########  
versions  
##########  
  
RMSOFT Downloads Plus 1.5  
RMSOFT Downloads Plus 1.7  
  
it affects This type CMS Systems if we  
have instaled this module:  
  
Xoops  
e-xoops  
ImpressCMS  
Bcoos  
  
and other that uses xoops code and this module.  
  
############  
Solution  
############  
  
No solution at this time !!!  
  
###########  
Examples  
###########  
  
http://localhost/modules/rmdp/search.php?key=">[XSS-code]&cat=0  
  
http://localhost/modules/rmdp/down.php?id=1">[XSS-code]  
  
http://localhost/modules/rmdp/down.php?com_mode=nest&com_order=1&id=1">  
[XSS-code]&cid=3#users  
  
  
############## €nd ###################  
  
Thnx To estrella to be my light  
Thnx to all Lostmon Team !  
thnx to imydes From www.imydes.com  
--   
atentamente:  
Lostmon ([email protected])  
Web-Blog: http://lostmon.blogspot.com/  
Google group: http://groups.google.com/group/lostmon (new)  
--  
La curiosidad es lo que hace mover la mente..  
`