contenite XSS vuln.

contenite XSS vuln.

Vuln. discovered by : r0t
Date: 17 dec. 2005
orginal advisory:http://pridels.blogspot.com/2005/12/contenite-xss-vuln.html
vendor:http://contenite.de/
affected version: 0.11 and prior

Product Description:

A CMS that stays out of your way contenite is an embedded content
management system (eCMS) which is simple, powerful, and flexible. Now
there are no more excuses not to update the frontpage of your online
shop every week or to create a more pleasant looking entry page for
your online forum or community site. - now. contenite is simple to set
up through a web-based installer. It is simple to run - it only needs
PHP, no database. It is powerful because there is a host of content
types that are bundled with the system. It is flexible because the set
of content types is extensible through a simple, object-oriented
programming interface. contenite is not for every site. Its
architecture makes it well suited for brochure sites with little
interaction and few editors. For the web presence of a small to medium
enterprise (SME), it is probably all you'll ever need. contenite is a
breeze to add to static pages and works well to add this little extra
flexibility to your existing CMS. It doesn't insist to manage complete
pages. It just cares for those dynamic pieces within. Of course, it
can manage your whole site if you like.

Vuln. Description:

Contenite contains a flaw that allows a remote cross site scripting
attack. This flaw exists because input passed to "id" paremter in
"home.php" isn't properly sanitised before being returned to the user.
This could allow a user to create a specially crafted URL that would
execute arbitrary code in a user's browser within the trust
relationship between the browser and the server, leading to a loss of
integrity.

example:

/home.php?id=[XSS]

Solution:
Edit the source code to ensure that input is properly sanitised.