ToendaCMS - Cross Site Scripting Issue

CVE: CVE-2021-41223
Category: CWE-79
Price: $500
Severity: High
Author: Unknown
Risk: High
Exploitation Type: Remote
Date: 2006-08-13
CVSS: CVSS:4.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
EPSS: 0.0599
EPSSP: 0.5478

Our sensors found this exploit at: http://cxsecurity.com/ascii/WLB-2006080046

Below is a copy:

[MajorSecurity Advisory #27]ToendaCMS - Cross Site Scripting Issue

Details

=======

Product: Toenda CMS
Affected Version: <=1.0.3(stable) and 1.1
Immune Version: None known
Security-Risk: low
Remote-Exploit: yes
Vendor-URL: http://www.toenda.com/
Vendor-Status: informed
Advisory-Status: published

Credits

============

Discovered by: David Vieira-Kurz

http://www.majorsecurity.de

Original Advisory:

============

http://www.majorsecurity.de/index_en2.php?major_rls=major_rls27

Introduction

============

"The toendaCMS Content Management and Weblogging tool gives you a modern, professional publishing system, based on an SQL and/or XML database.." (from Vendor's page)

More Details

============

Input passed directly to the "?s" parameter in "/toendaCMS/" is not properly sanitised before being returned to the user.

This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

It works with a script code like this:

>'><script%20%0a%0d>alert(123456789)%3B</script>

Fix

===

None known.

Solution

=============

Edit the source code to ensure that input is properly sanitised.

You should use the "htmlspecialchars()" or "htmlentities()" PHP function on every value that is echoed back into a page, so that HTML tags in user input are displayed as text and not interpreted by the browser. Further, it is recommended to disable the "register_globals" option in the "php.ini" on your web server.

Example:

<?php
// Encode HTML metacharacters in user input before it is stored or echoed.
$pass = htmlentities($_POST['pass']);
// Output encoding turns "<script" into harmless text ("&lt;script").
echo htmlspecialchars("<script");
// Numeric parameters are cast to an integer instead of being escaped.
$id = intval($_POST['id']);
?>

Set "register_globals" to "Off".
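The following is an added example and is not code from the advisory or from toendaCMS. It shows a search value read from the "?s" parameter reflected into a page two ways: the defect the advisory describes (raw concatenation) beside the htmlspecialchars() fix it recommends, plus integer validation for a numeric parameter in the spirit of the advisory's intval() line. The function names, the surrounding markup and the sample input are assumptions for illustration.

```php
<?php
// Added example; not code from the advisory or from toendaCMS.
// Function names and markup are assumptions for illustration.
declare(strict_types=1);

// Vulnerable: the raw parameter value is concatenated into the page, so any
// markup it contains is parsed by the browser as part of the document.
function render_results_unsafe(string $s): string
{
    return '<p>Search results for: ' . $s . '</p>';
}

// Hardened: encode '<', '>', '&' and both quote characters before output.
// ENT_QUOTES also makes the value safe inside a quoted attribute, the explicit
// charset prevents mis-decoding, and ENT_SUBSTITUTE replaces invalid byte
// sequences instead of silently returning an empty string.
function render_results_safe(string $s): string
{
    $encoded = htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<p>Search results for: ' . $encoded . '</p>';
}

// Numeric parameters are validated rather than escaped. The advisory uses
// intval(); filter_var() additionally rejects non-numeric input (returns false).
function read_id(array $query): ?int
{
    $id = filter_var($query['id'] ?? '', FILTER_VALIDATE_INT);
    return $id === false ? null : $id;
}

// Take the value from $_GET explicitly; never rely on register_globals
// turning query parameters into PHP variables.
$s = isset($_GET['s']) && is_string($_GET['s']) ? $_GET['s'] : '';

if ($s === '' && PHP_SAPI === 'cli') {
    // Constructed sample input for running this file from the command line:
    // the URL-decoded form of the string quoted in the advisory.
    $s = "'><script \n\r>alert(123456789);</script>";
}

$safe = render_results_safe($s);
echo $safe, PHP_EOL;

// Sanity check on the fix: encoded output can never contain a tag.
if (strpos($safe, '<script') !== false) {
    throw new RuntimeException('output encoding failed');
}

$id = read_id($_GET);
echo 'id: ', $id === null ? 'missing or invalid' : (string) $id, PHP_EOL;
```

Run from the CLI, the script prints the sample string with every `<`, `>` and quote replaced by its entity, so the browser would only ever display it as text; render_results_unsafe() is included for contrast and would return the same string verbatim. The same encoding call belongs at every point where a request value is written into HTML, not only on the "s" parameter named in the advisory.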

History/Timeline

================

19.07.2006  discovery of the vulnerability
20.07.2006  additional tests with other versions
21.07.2006  contacted Toenda Software Development (vendor) on their own BugTraq.
01.08.2006  after 10 days I still had no response to my report on their own BugTraq.
02.08.2006  advisory is written
03.08.2006  advisory released

MajorSecurity

=======

MajorSecurity is a German penetration testing and hacking security project

which consists of only one person at the present time.

I am looking for a partnership.

You can find more Information on the MajorSecurity Project at

http://www.majorsecurity.de/
