CONTENS "search.cfm" Multiple Input Validation Vulnerabilities

Type securityvulns
Reporter Securityvulns
Modified 2005-12-17T00:00:00



Vuln. discovered by: r0t
Date: 17 dec. 2005
Original advisory:
Vendor:
Affected version: 3.0 and prior

Product Description:

CONTENS Software GmbH provides Content Management Software (CMS) for companies with sophisticated online communication needs. Its line of products meets the demands of businesses from small online editors to international firms. A strong network of experienced partners conceives innovative and customized CONTENS solutions and implements them according to individual demands. With the help of the CONTENS platform-independent CMS products, businesses can quickly realize and edit extensive online projects without any prior programming knowledge. Among the well-known businesses that use CONTENS Content Management products are Concordia Insurance Group, Credit Suisse, Davidoff, Discovery Channel, Eurocard, GlobeGround Servisair, Hapimag, HypoVereinsbank BKK, John Deere, Max-Planck, MVV Energie AG, Peri, ratiopharm, T-Mobile and Schwyzer Kantonalbank.

Vuln. Description:


1. Cross site scripting. CONTENS contains a flaw that allows a remote cross site scripting attack. This flaw exists because input passed to the "near" parameter in "search.cfm" isn't properly sanitised before being returned to the user. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

/search.cfm?uselang_en=1&intern=0&targetgroup=pub&fuseaction_sea=results&advanced=1&criteria=r0t&submit.x=33&submit.y=10&submit=Search&bool=or&itemsperpage=10&near=[XSS]

2. Full path and sensitive information view. To view the install path and other sensitive information, use one of the examples below:

/search.cfm?uselang_en=1&intern=0&targetgroup=pub&fuseaction_sea=results&advanced=1&criteria=r0t&submit.x=33&submit.y=[CODE]

/search.cfm?uselang_en=1&intern=0&targetgroup=pub&fuseaction_sea=results&advanced=1&criteria=r0t&submit.x=33&submit.y=10&submit=Search&bool=[CODE]

/search.cfm?uselang_en=1&intern=0&targetgroup=pub&fuseaction_sea=results&advanced=1&criteria=r0t&submit.x=33&submit.y=10&submit=Search&bool=or&itemsperpage=[CODE]

/search.cfm?uselang_en=1&intern=0&targetgroup=pub&fuseaction_sea=results&advanced=1&criteria=r0t&submit.x=33&submit.y=10&submit=[CODE]

/search.cfm?uselang_en=1&intern=0&targetgroup=pub&fuseaction_sea=results&advanced=1&criteria=r0t&submit.x=[CODE]

/search.cfm?uselang_en=1&intern=0&targetgroup=pub&fuseaction_sea=results&advanced=1&criteria=[CODE]

/search.cfm?uselang_en=1&intern=0&targetgroup=pub&fuseaction_sea=results&advanced=[CODE]

/search.cfm?uselang_en=1&intern=[CODE]

Solution: Edit the source code to ensure that input is properly sanitised.
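As an added example (not part of the advisory and not the vendor's code), the following Python checker applies the parameter expectations visible in the URLs above to web server access logs: numeric fields that receive non-numeric input (the [CODE] cases that provoke an error page with the install path) and markup in the free-text "near"/"criteria" fields (the reflected XSS case). The parameter types and the sample log lines are assumptions constructed for this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Parameter shapes inferred from the advisory's URLs (assumption: the vendor's real types are not on the page).
NUMERIC_PARAMS = {"uselang_en", "intern", "advanced", "itemsperpage",
                  "submit.x", "submit.y"}
ENUM_PARAMS = {"bool": {"or", "and"}, "targetgroup": {"pub"},
               "fuseaction_sea": {"results"}, "submit": {"Search"}}
TEXT_PARAMS = {"criteria", "near"}
# Tokens that have no business in a free-text search term.
MARKUP_RE = re.compile(r"[<>\"']|javascript:|on\w+\s*=", re.IGNORECASE)
# Combined-format access log line (constructed format for this example).
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3})')

def check_search_request(target):
    """Return (param, reason) findings for one request target; [] means clean."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/search.cfm"):
        return []
    findings = []
    for name, values in parse_qs(parts.query, keep_blank_values=True).items():
        for value in values:
            if name in NUMERIC_PARAMS and not value.isdigit():
                # Non-numeric input to a numeric field is what the [CODE] examples use to trigger an error page.
                findings.append((name, "non-numeric value; possible error/path disclosure"))
            elif name in ENUM_PARAMS and value not in ENUM_PARAMS[name]:
                findings.append((name, "value outside expected set"))
            elif name in TEXT_PARAMS and MARKUP_RE.search(value):
                # "near" is echoed unencoded, so markup here is a reflected XSS attempt.
                findings.append((name, "markup in free-text parameter; possible reflected XSS"))
    return findings

def scan_access_log(lines):
    """Return {ip, status, findings} for each suspicious search.cfm request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            findings = check_search_request(m.group("target"))
            if findings:
                hits.append({"ip": m.group("ip"), "status": int(m.group("status")),
                             "findings": findings})
    return hits

# Constructed sample log lines, not real traffic.
SAMPLE_LOG = [
    '10.0.0.5 - - [17/Dec/2005:10:00:01 +0000] "GET /search.cfm?uselang_en=1&intern=0&targetgroup=pub&fuseaction_sea=results&advanced=1&criteria=r0t&submit.x=33&submit.y=10&submit=Search&bool=or&itemsperpage=10&near=%3Cscript%3Ex%3C%2Fscript%3E HTTP/1.1" 200 5123',
    '10.0.0.9 - - [17/Dec/2005:10:00:02 +0000] "GET /search.cfm?uselang_en=1&intern=0&targetgroup=pub&fuseaction_sea=results&advanced=1&criteria=r0t&submit.x=33&submit.y=abc HTTP/1.1" 500 812',
    '10.0.0.7 - - [17/Dec/2005:10:00:03 +0000] "GET /search.cfm?uselang_en=1&intern=0&targetgroup=pub&fuseaction_sea=results&advanced=1&criteria=news&submit.x=33&submit.y=10&submit=Search&bool=or&itemsperpage=10&near=5 HTTP/1.1" 200 4410',
]
```

A 500 status paired with a non-numeric finding is the signal to look for when checking whether the error page leaked the install path.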