Jetbox CMS version 2.1 E-Mail Injection Vulnerability [2]

2007.05.18
Credit: laurent gaffi
Risk: Medium
Local: No
Remote: Yes
CWE: N/A

Hi there,

Jetbox CMS is also vulnerable to several XSS.

GET:

http://127.0.0.1/jetbox/index.php/view/search/?path=[xss]
http://127.0.0.1/jetbox/index.php/view/supplynews/?companyname=[xss]
http://127.0.0.1/jetbox/index.php/view/supplynews/?companyname=1&country=[xss]
http://127.0.0.1/jetbox/index.php/view/supplynews/?companyname=1&country=1&email=[xss]
http://127.0.0.1/jetbox/index.php/view/supplynews/?companyname=1&country=1&email=1&firstname=[xss]
http://127.0.0.1/jetbox/index.php/view/supplynews/?companyname=1&country=1&email=1&firstname=1&middlename=[xss]
http://127.0.0.1/jetbox/index.php/view/supplynews/?companyname=1&country=1&email=1&firstname=1&middlename=1&recipient=jetbox (at) localhost (dot) com [email concealed]&required=[xss]
http://127.0.0.1/jetbox/index.php/view/supplynews/?companyname=1&country=1&email=1&firstname=1&middlename=1&recipient=jetbox (at) localhost (dot) com [email concealed]&required=firstname,surname,email,companyname,country,workphone,title,topic,website,text&signupsubmit=true&subject=News&submit=Send&surname=[xss]
http://127.0.0.1/jetbox/index.php/view/supplynews/?companyname=1&country=1&email=1&firstname=1&middlename=1&recipient=jetbox (at) localhost (dot) com [email concealed]&required=firstname,surname,email,companyname,country,workphone,title,topic,website,text&signupsubmit=true&subject=News&submit=Send&surname=1&text=1&title=[xss]

Shell upload:

You can upload any kind of file if you have some author privileges. Your file will be located here: ./jetbox/webfiles/yourfile.php

Solution:

1) XSS --> use: http://us.php.net/manual/en/function.htmlentities.php
2) Upload script --> allow only certain extensions like: txt,mp3,zip,rar,pdf,odt,doc...etc...

Regards,
laurent gaffi.
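
The two fixes suggested in the advisory, sketched as an added PHP example that is not part of the original message and is not Jetbox CMS code. The helper names e() and safe_upload_name() are hypothetical, the allowlist is the one the advisory lists, and the sample inputs are constructed.

```php
<?php
// Added example: hypothetical helpers, not Jetbox CMS code.

// Allowlist from the advisory's suggestion (txt, mp3, zip, rar, pdf, odt, doc).
const ALLOWED_EXTENSIONS = ['txt', 'mp3', 'zip', 'rar', 'pdf', 'odt', 'doc'];

// Encode a request value before echoing it into HTML (the advisory's fix 1).
function e(?string $value): string
{
    return htmlentities($value ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Return a safe stored name for an upload, or null if it must be rejected
// (the advisory's fix 2, applied to every extension segment of the name).
function safe_upload_name(string $clientName): ?string
{
    // Strip any client-supplied directory part, including Windows separators.
    $base  = basename(str_replace('\\', '/', $clientName));
    $parts = explode('.', strtolower($base));
    if (count($parts) < 2 || $parts[0] === '') {
        return null; // no extension, or a dotfile such as ".htaccess"
    }
    array_shift($parts); // drop the name, keep every extension segment
    foreach ($parts as $ext) {
        // Every segment must be allowlisted, so "report.php.txt" is rejected too.
        if (!in_array($ext, ALLOWED_EXTENSIONS, true)) {
            return null;
        }
    }
    // Store under a random name; only the final, allowlisted extension is kept.
    return bin2hex(random_bytes(16)) . '.' . end($parts);
}

// Constructed sample file names, including the one from the advisory.
$samples = ['notes.txt', 'yourfile.php', 'report.php.txt', '.htaccess', 'a.PDF'];
foreach ($samples as $name) {
    $stored = safe_upload_name($name);
    printf("%-16s => %s\n", $name, $stored ?? 'REJECTED');
}

// Constructed request value: the markup is printed as inert entities.
echo e('"><script>alert(1)</script>'), "\n";
```

Serving the upload directory with script execution disabled is a separate control that the allowlist does not replace.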



Copyright 2017, cxsecurity.com

 
