Jcow CMS 4.2 <= | Cross Site Scripting

Board: Bugtraq, posted 2011/08/28 03:01
1. OVERVIEW

Jcow CMS 4.2 and lower versions are vulnerable to Cross Site Scripting.

2. BACKGROUND

Jcow is a flexible Social Networking software written in PHP. It can help you to build a social network for your interests and passions, a member community for your existing website and a social networking site like facebook/myspace/twitter.

3. VULNERABILITY DESCRIPTION

The parameter "g" is not properly sanitized upon submission to /index.php, which allows an attacker to conduct a Cross Site Scripting attack. This may allow an attacker to create a specially crafted URL that would execute arbitrary script code in a victim's browser.

4. VERSIONS AFFECTED

Jcow CMS 4.2 and lower

5. PROOF-OF-CONCEPT/EXPLOIT

File: /includes/libs/member.module.php:

Line 605:

    <input type="hidden" name="g" value="'.$_REQUEST['g'].'" />

http://[target]/index.php?p=member/signup&email=&username=&password=&fullname=&birthyear=1991&birthmonth=01&birthday=01&gender=0&location=Myanmar++&about_me=&recaptcha_challenge_field=03AHJ_Vuvk8U6zCeSdrjB0GPDuwaRP-tPJ2G7u3Nm5LpmVSGmZs_CIP9I_C0PYZ1zYY6F42zpzGKQkxSiUhhyu-QhhwZA6oTlLNntgAgmRkDjfZpu3j4-bMeQNpOVh1afb4fZ4qwaIxHpP1wL8-8-LgkEBE5auAFmF_w&recaptcha_response_field=&g=%22%3E%3Cscript%3Ealert%28/XSS/%29%3C/script%3E&onpost=1&agree_rules=1

6. SOLUTION

Upgrade to 4.3.1 or higher.
The commercial version 5.x.x is not vulnerable.

7. VENDOR

Jcow CMS Development Team
http://www.jcow.net

8. CREDIT

This vulnerability was discovered by Aung Khant, http://yehg.net, YGN Ethical Hacker Group, Myanmar.

9. DISCLOSURE TIME-LINE

2010-06-03: notified vendor
2010-06-03: vendor replied fix would be available within 48hrs
2011-08-24: vendor released fixed version, jcow.4.3.1.ce
2011-08-26: vulnerability disclosed

10. REFERENCES

Original Advisory URL: http://yehg.net/lab/pr0js/advisories/[jcow_4.2]_cross_site_scripting
Jcow CMS: http://sourceforge.net/projects/jcow/files/jcow4/jcow.4.2.1.zip/download

#yehg [2011-08-26]

---------------------------------
Best regards,
YGN Ethical Hacker Group
Yangon, Myanmar
http://yehg.net
Our Lab | http://yehg.net/lab
Our Directory | http://yehg.net/hwd
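
The output pattern quoted in section 5, next to an attribute-encoded version and a parser-based check of each, as an added example. This is not Jcow's code and not the vendor's 4.3.1 fix; the function names are hypothetical, and the input is the "g" value from the proof-of-concept URL above.

```php
<?php
// Added illustration; all function names here are hypothetical.

// Same pattern as the quoted line 605: request data is concatenated
// straight into a double-quoted attribute value.
function hidden_g_unescaped(array $request): string
{
    $g = $request['g'] ?? '';
    return '<input type="hidden" name="g" value="' . $g . '" />';
}

// Hardened form: encode for the HTML attribute context at output time.
// ENT_QUOTES encodes both " and '; ENT_SUBSTITUTE replaces invalid UTF-8
// sequences instead of making htmlspecialchars() return an empty string.
function hidden_g_escaped(array $request): string
{
    $g = $request['g'] ?? '';
    if (!is_string($g)) {            // a request with g[]=... yields an array
        $g = '';
    }
    $safe = htmlspecialchars($g, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="hidden" name="g" value="' . $safe . '" />';
}

// Regression check: parse the fragment with an HTML parser and list the
// element names it produces. Only "input" should come from the field itself.
function elements_in(string $fragment): array
{
    libxml_use_internal_errors(true); // tolerate non-well-formed markup
    $doc = new DOMDocument();
    $doc->loadHTML('<html><body>' . $fragment . '</body></html>');
    $names = [];
    foreach ($doc->getElementsByTagName('*') as $el) {
        $names[] = $el->nodeName;
    }
    return $names;
}

// The "g" value from the advisory's proof-of-concept URL, URL-decoded.
$request = ['g' => urldecode('%22%3E%3Cscript%3Ealert%28/XSS/%29%3C/script%3E')];

foreach (['unescaped' => 'hidden_g_unescaped', 'escaped' => 'hidden_g_escaped'] as $label => $fn) {
    $html = $fn($request);
    $hasScript = in_array('script', elements_in($html), true);
    echo $label, ': ', $html, PHP_EOL;
    echo '  script element created: ', $hasScript ? 'yes' : 'no', PHP_EOL;
}
```

The same parse-and-inspect check can be kept as a unit test for every template that echoes request parameters into attributes.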