BugTraq
XSS vulnerability in Auto CMS Aug 26 2010 12:53PM
advisory htbridge ch (1 reply)
Re: XSS vulnerability in Auto CMS Sep 28 2010 11:58PM
security curmudgeon (jericho attrition org)

: Vulnerability ID: HTB22564
: Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_auto_cms.html
: Product: Auto CMS
: Vendor: Roberto Aleman ( http://ventics.com/autocms/ )
: Vulnerable Version: 1.6 and Probably Prior Versions

: Vulnerability Type: XSS (Cross Site Scripting)

As an FYI, you apparently missed the arbitrary PHP code execution in this
product. Checking Secunia, it appears that Eskarina Smith found a
considerably more serious issue in index.php:

http://secunia.com/advisories/41147/

Figured I would share this since it doesn't appear this was disclosed on
Bugtraq. I'd also point out that this really makes people question your
auditing and ethical hacking ability. If you find XSS and pedestrian SQLi,
but miss code execution, it doesn't bode well for your customers.

: Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/)

Copyright 2010, SecurityFocus