what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

cms-g3.txt

cms-g3.txt
Posted Aug 17, 2006
Authored by Stefan Friedli

The G3 Content Management Framework suffers from a cross site scripting flaw in its search functionality.

tags | advisory, xss
SHA-256 | ed0b96675e9bb1b768f29e787bddb29303b2349d4a6b1cb18611de65d5734d18

cms-g3.txt

Change Mirror Download
------=_Part_126924_19318683.1154513617154
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Content Management Framework "G3" - XSS Vulnerability in Search Function

INTRO
According to the manufacturer, "G3" is a classic content-management-system,
allowing customers to manage their own websites without knowing much about
webpublishing.
Information about the product is available at:
http://www.inm.ch/g3.cms/s_page/56770

DESCRIPTION
Stefan Friedli discovered a XSS Vulnerabilty in the search module used by
many websites powered by G3. By using the chars "<" ">" and quotes, the form
can be used to include script code. As there seems to be no determination
between parameters being passed by GET or POST, it's possible to pass
manipulated content to other users using a simple link passing the parameter
search_string.

EXPLOIT
Classic browser-based script injection techniques are sufficient to exploit
this vulnerability.

POSSIBLE IMPACT
As most XSS vulnerabilities, the impact of this flaw depends on the page
being attacked. In this case, a "trusted" site may be used to exploit
vulnerabilities in older browsers or compromise accounts on sites using
authentication. For several customers of INM, this flaw could cause some
additional trouble because of possible phising attacks using this
vulnerability to trick customers.

SOLUTION
The vulnerabilty has not been addressed yet. A patch implementing basic
input validation would solve the problem.

VENDOR RESPONSE
INM has been informed about this vulnerability on 2006-07-06. A reminder was
sent 14 days after. There has been no reaction on any message according this
issue.

TIMELINE
2006-07-05 - Discovery
2006-07-06 - INM has been informed about the flaw
2006-07-20 - Reminder has been sent
2006-08-02 - Public advisory has been published

CREDITS
This vulnerabilty was discovered by Stefan Friedli. It may be redistributed
as-is.

------=_Part_126924_19318683.1154513617154
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Content Management Framework "G3" - XSS Vulnerability in Search Function<br><br>INTRO<br>According to the manufacturer, "G3" is a classic content-management-system, allowing customers to manage their own websites without knowing much about webpublishing.
<br>Information about the product is available at:<br><a href="http://www.inm.ch/g3.cms/s_page/56770">http://www.inm.ch/g3.cms/s_page/56770</a><br><br>DESCRIPTION<br>Stefan Friedli discovered a XSS Vulnerabilty in the search module used by many websites powered by G3. By using the chars "<" ">" and quotes, the form can be used to include script code. As there seems to be no determination between parameters being passed by GET or POST, it's possible to pass manipulated content to other users using a simple link passing the parameter search_string.
<br><br>EXPLOIT<br>Classic browser-based script injection techniques are sufficient to exploit this vulnerability.<br><br>POSSIBLE IMPACT<br>As most XSS vulnerabilities, the impact of this flaw depends on the page being attacked. In this case, a "trusted" site may be used to exploit vulnerabilities in older browsers or compromise accounts on sites using authentication. For several customers of INM, this flaw could cause some additional trouble because of possible phising attacks using this vulnerability to trick customers.
<br><br>SOLUTION<br>The vulnerabilty has not been addressed yet. A patch implementing basic input validation would solve the problem.<br><br>VENDOR RESPONSE<br>INM has been informed about this vulnerability on 2006-07-06. A reminder was sent 14 days after. There has been no reaction on any message according this issue.
<br><br>TIMELINE<br>2006-07-05 - Discovery<br>2006-07-06 - INM has been informed about the flaw<br>2006-07-20 - Reminder has been sent<br>2006-08-02 - Public advisory has been published<br><br>CREDITS<br>This vulnerabilty was discovered by Stefan Friedli. It may be redistributed as-is.

------=_Part_126924_19318683.1154513617154--
Login or Register to add favorites

File Archive:

June 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    19 Files
  • 2
    Jun 2nd
    16 Files
  • 3
    Jun 3rd
    28 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    19 Files
  • 7
    Jun 7th
    23 Files
  • 8
    Jun 8th
    11 Files
  • 9
    Jun 9th
    10 Files
  • 10
    Jun 10th
    4 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    27 Files
  • 20
    Jun 20th
    65 Files
  • 21
    Jun 21st
    10 Files
  • 22
    Jun 22nd
    8 Files
  • 23
    Jun 23rd
    6 Files
  • 24
    Jun 24th
    6 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    15 Files
  • 28
    Jun 28th
    14 Files
  • 29
    Jun 29th
    11 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close