[Full-disclosure] [x0n3-h4ck.org] Bug on Drake CMS v0.2

2006-11-05T00:00:00
ID SECURITYVULNS:DOC:14931
Type securityvulns
Reporter Securityvulns
Modified 2006-11-05T00:00:00

Description

-=[--------------------ADVISORY-------------------]=-

                    Drake CMS V. 0.2

          Author: CorryL    x0n3-h4ck.org

-=[----------------------------------------------------]=-

-=[+] Application: Drake CMS -=[+] Version: 0.2 -=[+] Vendor's URL: https://sourceforge.net/projects/drakecms/ -=[+] Platform: Windows\Linux\Unix -=[+] Bug type: XSS,Full Patch Diclouse -=[+] Exploitation: Remote/Local -=[-] -=[+] Author: CorryL ~ corryl80[at]gmail[dot]com ~ -=[+] Reference: www.x0n3-h4ck.org -=[+] Virtual Office: http://www.kasamba.com/CorryL

..::[ Descriprion ]::..

Drake CMS is a dynamic web authoring and content managment system; it can be installed in a few minutes, almost all databases are supported plus an embedded flat file database. Its top features are security, speed, easy management and high customization.

..::[ Bug ]::..

This CMS is affection from a bug type Cross-site script (RSS) and a full patch diclouse, a remote attacker is able to exploit these vulnerability to draw sensitive information.

..::[ Proof Of Concept ]::..

1°) Cross-Site script (xss) Bug on /index.php?option=contact&Itemid=10&task=category&id=<ScRiPt%20%0a%0d>alert(764606807)%3B</ScRiPt>

2°) Full path diclouse on /classes/simplecaptcha/captcha.png.php

..::[ Workaround ]::..

https://sourceforge.net/projects/drakecms/

..::[ Disclousure Timeline ]::..

[01/11/2006] - Vendor notification [01/11/2006] - Vendor Response [04/11/2006] - Public disclousure


Alice BASIC: mail, antivirus, antispam e invio allegati fino a 2 GB! Per maggiori informazioni vai su: http://adsl.alice.it/servizi/alicebasic.html