[MajorSecurity #11]OpenCMS<= 6.2.1 - XSS ------------------------------------------ Software: OpenCMS Version: <=6.2.1 Type: Cross site scripting Date: June, 10th 2006 Vendor: Alkacon Software GmbH Page: http://www.alkacon.com http://www.opencms.org/opencms/en/ Credits: ---------------------------- Discovered by: David "Aesthetico" Vieira-Kurz http://www.majorsecurity.de Original Advisory: ---------------------------- http://www.majorsecurity.de/advisory/major_rls11.txt Affected Products: ---------------------------- OpenCMS 6.2.1 and prior Description: ---------------------------- OpenCms is a professional level Open Source Website Content Management System. Requirements: ---------------------------- register_globals = On Vulnerability: ---------------------------- Input passed to the search inputbox/query is not properly verified. This can be exploited to accomplish cross site sctipting attacks. Solution: ---------------------------- Edit the source code to ensure that input is properly sanitised. You should work with "htmlspecialchars()" or "strip_tags()" php-function to ensure that html tags are not going to be executed. Example: <?php echo htmlspecialchars("<script"); ?> Set "register_globals" to "Off". Exploitation: --------------------------- Goto the search query/inputbox and type in following line as searchword: <script>alert("MajorSecurity")</script>
