OpenCms (7.5.0) Multiple Vulnerabilities

Vulnerability ID 1051764 Vulnerability type
Published 2009-08-07 Updated 2009-08-07
CVE ID N/A CNNVD-ID N/A
Affected platform N/A CVSS score N/A
|Vulnerability source
https://cxsecurity.com/issue/WLB-2009080011
|Vulnerability details
Vulnerability details have not been disclosed yet
|Vulnerability EXP
Application: OpenCms

Version: 7.5.0

Hardware: Tomcat/Oracle

Vulnerability: Cross-Site Scripting, Phishing Through Frames, Application Error

Overview:

Various URLs within the deployed OpenCms application version 7.5.0 are open to attacks, including Cross-Site Scripting, Phishing Through Frames and Application Error. Some of these attacks allow injection of scripts into a parameter in the request. The application should filter out such hazardous characters from user input.

Example follows:
Vulnerable URL (from the OpenCms VFS):
/opencms/opencms/system/modules/org.opencms.workplace.help/jsptemplates/help_head.jsp?&homelink=>"'><script>alert("This%20site%20has%20been%20compromised")</script>

Results:
Inserting the script into the homelink parameter embeds it in the response, and it is executed once the page is loaded into the user's browser (i.e. the page is vulnerable to Cross-Site Scripting).
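An added example, not taken from the advisory or from OpenCms: one way a JSP could handle a value like homelink, assuming it is written into a quoted HTML attribute as a link or frame target. Encoding at output addresses the script injection, and restricting the value to a site-relative path addresses the frame and link redirection case; the class, helper names, fallback path and sample inputs are hypothetical.

```java
import java.net.URI;
import java.net.URISyntaxException;

public class HomelinkOutput {

    // Encode for HTML text and quoted-attribute contexts.
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  out.append("&amp;");  break;
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Accept only a site-relative path; anything else becomes a fixed default.
    static String safeLink(String raw, String fallback) {
        if (raw == null || !raw.startsWith("/") || raw.startsWith("//")
                || raw.indexOf('\\') >= 0) {
            return fallback; // no scheme, no protocol-relative host, no backslash tricks
        }
        try {
            URI u = new URI(raw); // also rejects control characters and raw quotes
            return (u.isAbsolute() || u.getRawAuthority() != null) ? fallback : raw;
        } catch (URISyntaxException e) {
            return fallback;
        }
    }

    public static void main(String[] args) {
        String fallback = "/opencms/opencms/"; // assumed default target
        String[] samples = {                   // constructed inputs
            ">\"'><script>alert(1)</script>",
            "//other-host.example/login",
            "/opencms/opencms/system/workplace/"
        };
        for (String s : samples) {
            System.out.println("<a href=\"" + escapeHtml(safeLink(s, fallback)) + "\">Home</a>");
        }
    }
}
```

Only the third sample survives as supplied; the first two are replaced by the fallback path before being encoded.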

The complete list of vulnerable URLs follows (all paths are relative to the OpenCms VFS). All issues are of High risk.

/opencms/opencms/system/modules/org.opencms.workplace.help/elements/search.jsp

Remediation: Filter out hazardous characters from user input

Parameter(s): query

Vulnerability(s): Cross-Site Scripting

/opencms/opencms/system/modules/org.opencms.workplace.help/jsptemplates/help_head.jsp

Remediation: Filter out hazardous characters from user input

Parameter(s): homelink

Vulnerability(s): Cross-Site Scripting, Phishing Through Frames

/opencms/opencms/system/workplace/commons/preferences.jsp

Remediation: Verify that parameter values are in their expected ranges and types. Do not output debugging error messages and exceptions.

Parameter(s): tabdicopyfilemode, tabdicopyfoldermode, tabdideletefilemode

Vulnerability(s): Application Error

/opencms/opencms/system/workplace/commons/property.jsp

Remediation: Filter out hazardous characters from user input

Parameter(s): resource

Vulnerability(s): Cross-Site Scripting

/opencms/opencms/system/workplace/commons/publishproject.jsp

Remediation: Filter out hazardous characters from user input

Parameter(s): title, cancel, dialogtype, framename, progresskey, projected, projectname, publishsiblings, relatedresources, subresources

Vulnerability(s): Cross-Site Scripting, Phishing Through Frames, SQL Injection

/opencms/opencms/system/workplace/commons/publishresource.jsp

Remediation: Filter out hazardous characters from user input

Parameter(s):

Vulnerability(s): Cross-Site Scripting

/opencms/opencms/system/workplace/commons/unlock.jsp

Remediation: Filter out hazardous characters from user input

Parameter(s): title

Vulnerability(s): Cross-Site Scripting, Phishing Through Frames

/opencms/opencms/system/workplace/editors/editor.jsp

Remediation: Filter out hazardous characters from user input

Parameter(s): resource

Vulnerability(s): Cross-Site Scripting

/opencms/opencms/system/workplace/editors/dialogs/elements.jsp

Remediation: Filter out hazardous characters from user input

Parameter(s): elementlanguage, resource, title

Vulnerability(s): Cross-Site Scripting, Phishing Through Frames

/opencms/opencms/system/workplace/locales/en/help/index.html

Remediation: Filter out hazardous characters from user input

Parameter(s): workplaceresource

Vulnerability(s): Phishing Through Frames

/opencms/opencms/system/workplace/views/admin/admin-main.jsp

Remediation: Filter out hazardous characters from user input

Parameter(s): path

Vulnerability(s): Cross-Site Scripting

/opencms/opencms/system/workplace/views/explorer/contextmenu.jsp

Remediation: Filter out hazardous characters from user input

Parameter(s): acttarget

Vulnerability(s): Cross-Site Scripting, Phishing Through Frames

/opencms/opencms/system/workplace/views/explorer/explorer_files.jsp

Remediation: Filter out hazardous characters from user input

Parameter(s): mode

Vulnerability(s): Cross-Site Scripting

Katie French

CGI Federal