------------------------------------------------------
EzPublish "Directory" XSS Vulnerability
------------------------------------------------------

------------------------------------------------------
About Ezpublish;
------------------------------------------------------
PHP Based Content Management System
Vendor : http://ez.no
Demo : http://publishdemo.ez.no/

------------------------------------------------------
Vulnerable;
------------------------------------------------------
eZ publish 2.2

------------------------------------------------------
Not Vulnerable;
------------------------------------------------------
eZ publish 3

------------------------------------------------------
Vendor Status;
------------------------------------------------------
Vendor replied and sent a new version of this file. (attached)

------------------------------------------------------
Patch;
------------------------------------------------------
You can download the patched file in the attachment.

------------------------------------------------------
Exploit;
------------------------------------------------------
http://[victim]/index.php/article/articleview/[img%20src="javascript:alert(document.cookie)"]
(Replace [], <>)

Ferruh Mavituna
Web Application Security Consultant
Freelance Developer & Designer
http://ferruh.mavituna.com
ferruh@mavituna.com

Attachment:
articleview.php
Description: Binary data
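
To check whether an unpatched eZ publish 2.2 site received requests of the kind shown under "Exploit", web server access logs can be searched for articleview paths that carry markup after percent-decoding. The following is an added example, not part of the original advisory or of eZ publish; it assumes common log format, and the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Path prefix taken from the URL in the advisory.
PREFIX = "/index.php/article/articleview/"
# Request field of a common log format line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Markup characters or a javascript: scheme in the decoded path.
SUSPICIOUS_RE = re.compile(r'[<>"]|javascript\s*:', re.IGNORECASE)


def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalized too."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def flag_articleview_requests(log_lines):
    """Return (line_number, decoded_tail) for articleview requests carrying markup."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        path = match.group(1).split("?", 1)[0]
        if not path.startswith(PREFIX):
            continue
        tail = decode_fully(path[len(PREFIX):])
        if SUSPICIOUS_RE.search(tail):
            hits.append((number, tail))
    return hits


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2003:10:00:00 +0000] "GET /index.php/article/articleview/12/1/3/ HTTP/1.0" 200 5120',
    '192.0.2.44 - - [01/Jan/2003:10:00:05 +0000] "GET /index.php/article/articleview/%3Cimg%20src=%22javascript:alert(document.cookie)%22%3E HTTP/1.0" 200 4870',
    '192.0.2.44 - - [01/Jan/2003:10:00:09 +0000] "GET /index.php/article/articleview/%253Cb%253E HTTP/1.0" 200 4870',
    '192.0.2.51 - - [01/Jan/2003:10:00:12 +0000] "GET /index.php/article/archive/1/ HTTP/1.0" 200 3300',
]

if __name__ == "__main__":
    for number, tail in flag_articleview_requests(SAMPLE_LOG):
        print(f"line {number}: {tail}")
```

A hit only shows that such a request was made; whether the response reflected the markup depends on whether the patched articleview.php was installed at the time.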