SineCMS Apr 26 2007 08:35AM
nexus playhack net
. . .
._ | _. .|_ _. _.;_/
[_)|(_]\_|[ )(_](_.| \.net
| ._|
"SineCms Version 2.3.4 - Non-Persistent XSS Vulnerability"
by Nexus

1) Infos
Date : 2007-04-26 (ISO 8601)
Product : SineCms
Version : 2.3.4 (last), prior versions may also be affected
Vendor : -
Vendor Status : 2007-04-26 - Informed!

Description : SineCms is a management software for international communication
based on hypertext.

Google Dork : "SineCms Version: 2.3.4"

Source : nexus
E-mail : nexus[at]playhack[dot]net
Team : Security

2) Security Issues
The core module for Search engine is affected by a Non-Persistent Cross-Site Scripting
The source in "mods/Core/result.php" doesn't properly sanitize the input of the user
and just get the submitted text without any previous check on the content.
The affected variable is $_GET['stringa'], as a matter of fact if we try to insert a
string like:
The website will retrieve an url like:

And it executes the JavaScript code.
The script makes only a check on apex, that can be simply avoided executing for
example a remote script like
"><script src=></script>

It's easy to guess that this kind of vulnerability can be used to accomplish some
Phishing attacks, or whatever can be disfruted from an XSS flaw.

3) Patch

Edit the core source code and sanitize properly the inputted data.

[ reply ]


Privacy Statement
Copyright 2010, SecurityFocus