[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Advisory: SANS CMS fails to sanitize web scripting

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] Advisory: SANS CMS fails to sanitize web scripting
From: Moritz Naumann <security@xxxxxxxxxxxxxxxxxx>
Date: Mon, 16 Jun 2008 09:38:32 +0000

Some monday morning fun:

SANS content management system fails to properly sanitize user inputs,
allowing for injection of malicious web script or HTML.
Prior authentication is required, limiting this issue to blog posts by
people with malicious intentions or who don't know what they're doing.

POC here: http://isc.sans.org/diary.html?storyid=4565

Search the source code for 'adsitelo' (without quotes).

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: Re: [Full-disclosure] newbie needs password cracked
Next by Date: Re: [Full-disclosure] XSS Browser hijacking PoC?
Previous by thread: Re: [Full-disclosure] newbie needs password cracked
Next by thread: [Full-disclosure] Autodesk Security Contact
Index(es):
- Date
- Thread