[Full-disclosure] [x0n3-h4ck.org] Bug on Drake CMS v0.2


-=[--------------------ADVISORY-------------------]=- Drake CMS V. 0.2 Author: CorryL x0n3-h4ck.org -=[----------------------------------------------------]=- -=[+] Application: Drake CMS -=[+] Version: 0.2 -=[+] Vendor's URL: https://sourceforge.net/projects/drakecms/ -=[+] Platform: Windows\Linux\Unix -=[+] Bug type: XSS,Full Patch Diclouse -=[+] Exploitation: Remote/Local -=[-] -=[+] Author: CorryL ~ corryl80[at]gmail[dot]com ~ -=[+] Reference: www.x0n3-h4ck.org -=[+] Virtual Office: http://www.kasamba.com/CorryL ..::[ Descriprion ]::.. Drake CMS is a dynamic web authoring and content managment system; it can be installed in a few minutes, almost all databases are supported plus an embedded flat file database. Its top features are security, speed, easy management and high customization. ..::[ Bug ]::.. This CMS is affection from a bug type Cross-site script (RSS) and a full patch diclouse, a remote attacker is able to exploit these vulnerability to draw sensitive information. ..::[ Proof Of Concept ]::.. 1°) Cross-Site script (xss) Bug on /index.php?option=contact&Itemid=10&task=category&id=<ScRiPt%20%0a%0d>alert(764606807)%3B</ScRiPt> 2°) Full path diclouse on /classes/simplecaptcha/captcha.png.php ..::[ Workaround ]::.. https://sourceforge.net/projects/drakecms/ ..::[ Disclousure Timeline ]::.. [01/11/2006] - Vendor notification [01/11/2006] - Vendor Response [04/11/2006] - Public disclousure ********************* Alice BASIC: mail, antivirus, antispam e invio allegati fino a 2 GB! Per maggiori informazioni vai su: http://adsl.alice.it/servizi/alicebasic.html