
cmsms102-xss.txt

Posted on 05 January 2007

########################
# /||`   | ||   ` / || #
#/ ||  |\| ||` /` ||   #
#  ||  | ` || |/| || / #
#  ||_|` \_||_|` |_||/ #
# http://www.nanoy.org #
########################

Hacker.: NanoyMaster
CMS....: CMS Made Simple
Version: 1.0.2

[--------exploits----------]
1) Search XSS (non-permanent)
2) preview XSS (non-permanent)
3) Admin login XSS (non-permanent)
4) Outro
[--------------------[NM]--]

[-------1.Search XSS-------]
XSS in search
eg: http://<site>/<path>/index.php?mact=Search%2Ccntnt01%2Cdosearch%2C0&cntnt01returnid=15&cntnt01searchinput=<XSS>&cntnt01submit=Submit

Patch: modules/Search/action.dosearch.php
Add the following to line 3:
$params['searchinput'] = htmlentities($params['searchinput']);
[--------------------[NM]--]

[------2.Preview XSS-------]
XSS in Preview
eg: http://<site>/<path>/preview.php?tmpfile=<xss>

Patch: preview.php
add the following to line 38:
$page = htmlentities($page);
[--------------------[NM]--]

[----3.Admin Login XSS-----]
Type in username: "><xss> then submit (make your own post form for more than 15 chars)

Patch: http://<site>/<path>/admin/themes/<theme>/login.php
Add the following near the top:
<?php if(isset($_POST['username'])){$_POST['username'] = htmlentities($_POST['username']);} ?>
[--------------------[NM]--]

[----------0.Outro---------]
Well I hope you liked this whitepaper
Have fun screwing with sites that use this package (Or patching your sites!)
Sorry only 2 holes were added, I'll try harder next time ;)
Check out my site: http://www.nanoy.org there's a few challs etc.
peace (^_^)___/m
[--------------------[NM]--]
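The three patches above all rely on HTML-escaping the reflected value. The following is an added example, not code from the advisory or from CMS Made Simple, showing why the login vector's leading "> matters (it closes the value="..." attribute) and the two details a maintainer would want in such a patch: passing ENT_QUOTES plus an explicit charset to htmlentities, and escaping at output time rather than rewriting $_POST (which would also alter the username actually checked at login). Function names are hypothetical.

```php
<?php
// Added example (not from the advisory): the reflected value lands inside an
// HTML attribute, so a submitted "><...> closes the attribute and injects
// markup. The defence is HTML-escaping at the point the value is echoed.

// Vulnerable pattern: the submitted username is echoed verbatim into value="...".
function render_username_field_unsafe(string $username): string
{
    return '<input type="text" name="username" value="' . $username . '">';
}

// Hardened helper: ENT_QUOTES encodes both " and ' (the default flags only
// handle "), and the explicit charset avoids multibyte mis-decoding.
function escape_html(string $value): string
{
    return htmlentities($value, ENT_QUOTES, 'UTF-8');
}

// Hardened pattern: escape when rendering. The raw $_POST value stays intact
// for authentication; only the HTML representation is encoded.
function render_username_field_safe(string $username): string
{
    return '<input type="text" name="username" value="' . escape_html($username) . '">';
}

// Constructed input shaped like the advisory's "><xss> login vector
// (harmless bold tag stands in for the injected markup).
$input = '"><b>injected</b>';

// In the unsafe rendering the quote closes the attribute and the tag is live;
// in the safe rendering every " < > is an entity and stays a literal string.
echo "unsafe: ", render_username_field_unsafe($input), PHP_EOL;
echo "safe:   ", render_username_field_safe($input), PHP_EOL;
```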
