FreeWebshop v5.0- Cross Site Scripting & SQL Injection Vulnerabilities

======================================================================
FreeWebshop v5.0- Cross Site Scripting & SQL Injection Vulnerabilities
======================================================================


Vendor site => http://www.sensesites.com/

Date:
Jun 13 2006

Risk = MEDIUM

Version:
5.0

Credit:
=======
NewAngels Team - Discovered By LBDT - newangels-team.eu

Description:
CommonSense CMS is a Content Management System that is designed for
content-rich websites created for displaying
AdSense?ads or affiliate banners. Combined with our prebuilt
content
collections and auto-update network, it is a
powerful platform for instantly creating profitable and successful
websites.

Affected file:
search.php

There're no filters to special chars like <, >, /, etc. Then an attacker
can
execute html code. Chars
like ' and " are replaced by a \ but that's not a problem to a good
attacker, lol...

foreach(explode(" ", $SEARCH) as $t)
{
$t = ereg_replace("['`]", "", $t);
$t = ereg_replace("[^a-zA-Z0-9_]", " ", $t);
if(strlen($t) > 3)
$queries[] = $t;
}

Example:
http://www.site.com/search.php?q=[XSS]&t=1<http://www.site.com/search.php?q
=%5BXSS%5D&t=1>

Google search -> "Powered by CommonSense CMS script"



#  0day.today [2018-02-06]  #