Textpattern 4.2.0 (txplib_db) Null Termination Cross-Site Scripting Vulnerability

Vendor: Team Textpattern
Product web page: http://www.textpattern.com
Affected version: 4.2.0

Summary: Textpattern is an open source content management system
unlike any other; it allows you to easily create, edit and publish
content and make it beautiful in a professional, standards-compliant
manner.

Desc: Textpattern CMS version 4.2.0 suffers from an XSS vulnerability.
Input passed via the "q" parameter to Textpattern (TXP) Tag Library
(txplib_db.php) is not properly sanitised before being returned to
the user. This can be exploited to execute arbitrary HTML and script
code in a user's browser session in the context of an affected site.

Tested on: Microsoft Windows XP Professional SP3 (EN)
           PHP 5.3.0
           MySQL 5.1.36
           Apache 2.2.11 (Win32)

Vendor status: [05.09.2010] Vulnerability discovered.
               [05.09.2010] Initial contact with the vendor.
               [07.09.2010] No reply from vendor.
               [08.09.2010] Public advisory released.

Vulnerability discovered by: Gjoko 'LiquidWorm' Krstic
                             Zero Science Lab - http://www.zeroscience.mk
                             liquidworm gmail com

Zero Science Lab Advisory ID: ZSL-2010-4963
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4963.php

PoC:

http://127.0.0.1/?q=%00<script>alert(document.cookie)</script>
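
Added example (not part of the original advisory and not Textpattern code): a log check for the request shape described above, a "q" value that decodes to a NUL byte or to HTML markup. The access-log lines are constructed samples, and the names classify_q and scan are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample lines in Apache combined log format (not from the advisory).
SAMPLE_LOG = [
    '192.0.2.10 - - [08/Sep/2010:10:00:01 +0200] "GET /?q=textile+help HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.11 - - [08/Sep/2010:10:00:07 +0200] "GET /?q=%00%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
    '192.0.2.12 - - [08/Sep/2010:10:00:09 +0200] "GET /?q=a%2500b HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.13 - - [08/Sep/2010:10:00:12 +0200] "GET /?s=articles&q=%3Cimg%20src=x%3E HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
MARKUP_RE = re.compile(r'<\s*/?\s*[a-zA-Z!]')  # start of an HTML tag or comment

def classify_q(value):
    """Return the reasons a decoded "q" value looks like the advisory's request."""
    reasons = []
    if "\x00" in value:
        reasons.append("nul-byte")
    if MARKUP_RE.search(value):
        reasons.append("html-markup")
    return reasons

def scan(lines):
    """Return (line_number, reasons) for each request whose "q" value is suspicious."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        query = urlsplit(match.group(1)).query
        # parse_qsl percent-decodes once, as the web server does before PHP sees it,
        # so "%2500" stays the literal text "%00" and is not reported as a NUL byte.
        for name, value in parse_qsl(query, keep_blank_values=True):
            if name == "q":
                reasons = classify_q(value)
                if reasons:
                    findings.append((number, reasons))
    return findings

if __name__ == "__main__":
    for number, reasons in scan(SAMPLE_LOG):
        print(f"line {number}: {', '.join(reasons)}")
```
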