[MajorSecurity SA-074]CMS RedAks 2.0 - Multiple Cross-site Scripting issues

Details

Product: CMS RedAks 2.0
Security-Risk: moderated
Remote-Exploit: yes
Vendor-URL: http://www.redaks.com/
Advisory-Status: published

Credits

Discovered by: David Vieira-Kurz of MajorSecurity

Original Advisory

http://www.majorsecurity.net/redaks_CMS_xss.php

Affected Products:

CMS RedAks 2.0
Prior versions may also be vulnerable

=============
"CMS RedAks 2.0 is a web based content management system."

More Details

We at MajorSecurity have discovered some vulnerabilities in CMS RedAks 2.0, which can be exploited by
malicious people to conduct cross-site scripting attacks. Input passed directly to the "search", "search_id"
and "search_inall" POST parameters in "/search/" Controller is not properly sanitised before being stored
and returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of
an affected site.

Solution

Web applications should never trust on user generated input and therefore sanatize all input.

Workaround

Do not browse untrusted sites or follow untrusted links while being logged-in to the application.

MajorSecurity

MajorSecurity is a German penetrationtesting and security research company which focuses on web application
security. We offer professional penetrationstest, security audits,
source code reviews and pci dss compliance tests. Visit us at
http://www.majorsecurity.net/penetrationstest.php