[KAPDA::#27] - Runcms 1.x Cross_Site_Scripting vulnerability

2006-02-24T00:00:00
ID SECURITYVULNS:DOC:11554
Type securityvulns
Reporter Securityvulns
Modified 2006-02-24T00:00:00

Description

[KAPDA::#27] - Runcms 1.x Cross_Site_Scripting vulnerability

KAPDA New advisory

Vulnerable products : Runcms 1.x Vendor: www.runcms.org Risk: Low Vulnerabilities: Cross_Site_Scripting Discoverd by Roozbeh Afrasiabi roozbeh[at]yahoo[dot]com www.kapda.ir www.persiax.com

Date :

Found : Jan 28 2006 Vendor Contacted : N/A

About :

"Runcms Includes most things a webmaster would expect from a cms: downloads,links, tutorials section, polls, forums, news, faq, contact form,rss feeds,file uploads, blogging via xml-rpc, & more. Possibility to manage users as groups with module/block specific access permissions, and extend functioality via 3rd party module plug-ins. Has a simple yet good themability. Easy enough to use for users, while staying simple enough to extend & customize for coders." (from runcms.org)

Vulnerability:

Cross_Site_Scripting :

RUNCMS is affected by a cross-site scripting vulnerability. This issue is due to the failure of the application to properly sanitize user- supplied input.

As a result of this vulnerability, it is possible for a remote attacker to create a malicious link containing script code that will be executed in the browser of an unsuspecting user when followed.

Detail and PoC :

The application does not validate the "lid" variable upon submission to ratefile.php.

h**p://[target]/public/modules/downloads/ratefile.php?lid={number}">[code]

Solution :

N/A

Original Advisory :

http://kapda.ir/advisory-267.html

Especial thanks to:

All KAPDA members

Credit :

Discoverd by Roozbeh Afrasiabi roozbeh_afrasiabi[at]yahoo[dot]com www.kapda.ir www.persiax.com