Date: Fri, 26 Aug 2011 23:59:33 +0800 From: YGN Ethical Hacker Group <lists@...g.net> To: oss-security@...ts.openwall.com Subject: CVE Request: Jcow CMS 4.2 <= | Cross Site Scripting Jcow CMS 4.2 <= | Cross Site Scripting 1. OVERVIEW Jcow CMS 4.2 and lower versions are vulnerable to Cross Site Scripting. 2. BACKGROUND Jcow is a flexible Social Networking software written in PHP. It can help you to build a social network for your interests and passions, a member community for your existing website and a social networking site like facebook/myspace/twitter. 3. VULNERABILITY DESCRIPTION The parameter "g" is not properly sanitized upon submission to /index.php, which allows attacker to conduct Cross Site Scripting attack. This may allow an attacker to create a specially crafted URL that would execute arbitrary script code in a victim's browser. 4. VERSIONS AFFECTED Jcow CMS 4.2 and lower 5. PROOF-OF-CONCEPT/EXPLOIT File : /includes/libs/member.module.php: Line 605: <input type="hidden" name="g" value="'.$_REQUEST['g'].'" /> http://[target]/index.php?p=member/signup&email=&username=&password=&fullname=&birthyear=1991&birthmonth=01&birthday=01&gender=0&location=Myanmar++&about_me=&recaptcha_challenge_field=03AHJ_Vuvk8U6zCeSdrjB0GPDuwaRP-tPJ2G7u3Nm5LpmVSGmZs_CIP9I_C0PYZ1zYY6F42zpzGKQkxSiUhhyu-QhhwZA6oTlLNntgAgmRkDjfZpu3j4-bMeQNpOVh1afb4fZ4qwaIxHpP1wL8-8-LgkEBE5auAFmF_w&recaptcha_response_field=&g=%22%3E%3Cscript%3Ealert%28/XSS/%29%3C/script%3E&onpost=1&agree_rules=1 6. SOLUTION Upgrade to 4.3.1 or higher. The commercial version 5.x.x is not vulnerable. 7. VENDOR Jcow CMS Development Team http://www.jcow.net 8. CREDIT This vulnerability was discovered by Aung Khant, http://yehg.net, YGN Ethical Hacker Group, Myanmar. 9. DISCLOSURE TIME-LINE 2010-06-03: notified vendor 2010-06-03: vendor replied fix would be available within 48hrs 2011-08-24: vendor released fixed version, jcow.4.3.1.ce 2011-08-26: vulnerability disclosed 10. REFERENCES Original Advisory URL: http://yehg.net/lab/pr0js/advisories/[jcow_4.2]_cross_site_scripting Jcow CMS: http://sourceforge.net/projects/jcow/files/jcow4/jcow.4.2.1.zip/download #yehg [2011-08-26] --------------------------------- Best regards, YGN Ethical Hacker Group Yangon, Myanmar http://yehg.net Our Lab | http://yehg.net/lab Our Directory | http://yehg.net/hwd
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.