Re: Stored XSS vulnerability in diafan.CMS
: Vulnerability ID: HTB22776
: Reference: http://www.htbridge.ch/advisory/stored_xss_vulnerability_in_diafan_cms.html
: Product: diafan.CMS
: Vulnerability Details:
: User can execute arbitrary JavaScript code within the vulnerable application.
:
: The vulnerability exists due to failure in the
: "http://host/admin/site/save2/" script to properly sanitize
: user-supplied input in "text" variable. Successful exploitation of this
: vulnerability could result in a compromise of the application, theft of
: cookie-based authentication credentials, disclosure or modification of
: sensitive data.
This is the site editor functionality, correct? This requires
administrative access and is *designed* to allow the admin to enter any
HTML or script code desired.
If an attacker can access this page, couldn't they do other bad things? Is
there really a crossing of privilege boundary here?
討論串 (同標題文章)