[MajorSecurity SA-071]phpFaber CMS - Multiple stored Cross-site Scripting issues

Details

Product: phpFaber CMS
Security-Risk: moderated
Remote-Exploit: yes
Vendor-URL: http://www.phpfaber.com/
Advisory-Status: published

Credits

Discovered by: David Vieira-Kurz
http://www.majorsecurity.net/penetrationstest.php

Original Advisory

http://www.majorsecurity.net/phpFaber_CMS_xss.php

Affected Products:

phpFaber CMS v. 2.0.5
Prior versions may also be vulnerable

=============
"phpFaber CMS is web based content management system."

More Details

We at MajorSecurity have discovered some vulnerabilities in phpFaber CMS, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Input passed directly to the "ERR_MSG" GET Parameter and to the "COMPANY_NAME" and
"SPOTLIGHT" POST Parameter in "index.php" is not properly sanitised before being stored
and returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser
session in context of an affected site.

Solution

Web applications should never trust on user generated input and therefore sanatize all
input.

MajorSecurity

MajorSecurity is a German penetrationtesting and security research company which focuses
on web application security. We offer professional penetrationstest, security audits,
source code reviews and pci dss compliance tests.

Workaround

Do not browse untrusted sites or follow untrusted links while being logged-in to the
application.

MajorSecurity

MajorSecurity is a German penetrationtesting and security research company which focuses
on web application security. We offer professional penetrationstest, security audits,
source code reviews.