CMS RedAks 2.0 - Multiple Cross-site Scripting issues
Posted on 17 June 2010
<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'><html><head><meta http-equiv='Content-Type' content='text/html; charset=windows-1251'><title>CMS RedAks 2.0 - Multiple Cross-site Scripting issues</title><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss'></head><body><pre>===================================================== CMS RedAks 2.0 - Multiple Cross-site Scripting issues ===================================================== Details ============= Product: CMS RedAks 2.0 Security-Risk: moderated Remote-Exploit: yes Vendor-URL: http://www.redaks.com/ Advisory-Status: published Credits ============= Discovered by: David Vieira-Kurz of MajorSecurity Original Advisory ============= http://www.majorsecurity.net/redaks_CMS_xss.php Affected Products: ============= CMS RedAks 2.0 Prior versions may also be vulnerable ============= "CMS RedAks 2.0 is a web based content management system." More Details ============= We at MajorSecurity have discovered some vulnerabilities in CMS RedAks 2.0, which can be exploited by malicious people to conduct cross-site scripting attacks. Input passed directly to the "search", "search_id" and "search_inall" POST parameters in "/search/" Controller is not properly sanitised before being stored and returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Solution ============= Web applications should never trust on user generated input and therefore sanatize all input. Workaround ================ Do not browse untrusted sites or follow untrusted links while being logged-in to the application. MajorSecurity ================ MajorSecurity is a German penetrationtesting and security research company which focuses on web application security. We offer professional penetrationstest, security audits, source code reviews and pci dss compliance tests. Visit us at http://www.majorsecurity.net/penetrationstest.php # <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-06-17]</pre><script type='text/javascript'>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type='text/javascript'>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></body></html>
