Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:27436
HistoryDec 12, 2011 - 12:00 a.m.

[DCA-2011-0014] - Elxis CMS Cross Site Script

2011-12-1200:00:00
vulners.com
17
JSON

[Discussion]

  • DcLabs Security Research Group advises about the following vulnerability(ies):

[Software]

  • Elxis CMS

[Vendor Product Description]

  • Elxis is powerful open source content management system (CMS)
    released for free under the GNU/GPL license. It has unique
    multi-lingual features, it follows W3C standards, it is secure,
    flexible, easy to use, and modern. The development team, Elxis Team,
    paid extra attention to the optimization of the CMS for the search
    engines and this lead to high performance of all elxis powered web
    sites and to high ranking in search engines results.

  • Site: http://www.elxis.org/

[Advisory Timeline]

  • 11/22/2011 -> First Contact requesting security department contact;
  • 11/22/2011 -> Vendor responded;
  • 11/23/2011 -> Advisory sent to vendor;
  • 11/23/2011 -> Vendor reply, fix the bug, release Β patch and
    coordinate to publish.
  • 12/05/2011 -> Published.

[Bug Summary]

  • Persistent/Stored Cross-Site Scripting (XSS) (The cms admin can edit
    user contact info with XSS codes)

  • Non-Persistent Cross-Site Scripting (XSS)

[Impact]

  • High

[Affected Version]

  • Elxis 2009.3 aphrodite

[Bug Description and Proof of Concept]

  • Exploiting the HTML-injection issue allows an attacker to execute
    HTML and Java Script code in the remote user context to steal
    cookie-based authentication credentials or to control how the site is
    rendered to the user; other attacks may also be possible.

  • Moreover, Cross Site Scripting (XSS) vulnerabilities are caused due
    to lack of input validation. This allows malicious people to inject
    arbitrary HTML and script code. More info at:
    http://en.wikipedia.org/wiki/Cross-site_scripting

POC

/elxis/index.php?id=3&Itemid=9&option=com_content&task=%22%20onmouseover%3dprompt%28dclabs%29%20dcl%3d%22

/elxis/administrator/index.php/%22onmouseover=prompt(dclabs)%3E

All flaws described here were discovered and researched by:

Ewerson Guimaraes aka Crash
DcLabs Security Research Group
crash (at) dclabs <dot> com <dot> br

[Patch(s) / Workaround]

http://forum.elxis.org/index.php?PHPSESSID=v9i7kgmmb2554ldmlcmbj32ugjd0ngpc&amp;topic=5144.msg43327#msg43327

[Greetz]
DcLabs Security Research Group.

–
Ewerson Guimaraes (Crash)
Pentester/Researcher
DcLabs Security Team
www.dclabs.com.br

JSON