Redaxo 4.4 Cross Site Scripting Vulnerability



EKU-ID: 2513 CVE: 2012-3869 OSVDB-ID:
Author: High-Tech Bridge Security Research Lab Published: 2012-07-27 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home


Vendor: Redaxo team
Vulnerable Version(s): 4.4 and probably prior
Tested Version: 4.4
Vendor Notification: 4 July 2012
Vendor Patch: 23 July 2012
Public Disclosure: 25 July 2012
Vulnerability Type: Cross-Site Scripting (XSS)
CVE Reference: CVE-2012-3869
CVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Solution Status: Fixed by Vendor
Risk Level: Medium
Discovered and Provided: High-Tech Bridge Security Research Lab ( https://www.htbridge.com/advisory/ )

-----------------------------------------------------------------------------------------------

Advisory Details:

High-Tech Bridge Security Research Lab has discovered vulnerability in Redaxo, which can be exploited to perform Cross-Site Scripting (XSS) attacks.


1) Cross-Site Scripting (XSS) in Redaxo: CVE-2012-3869

1.1 Input passed via the "subpage" GET parameter to /redaxo/index.php (when "page" is set to "user" or "template") is not properly sanitised before being returned to the user.

This can be exploited to execute arbitrary HTML and script code in administrator's browser session in context of affected website.

The following PoC (Proof of Concept) demonstrate the vulnerability:


http://[host]/redaxo/index.php?page=user&subpage=%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
http://[host]/redaxo/index.php?page=template&subpage=%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E


-----------------------------------------------------------------------------------------------

Solution:

Apply vendor's patch: http://www.redaxo.org/files/sicherheitsupdate_4_3_und_4_4.zip
More Information:
http://www.redaxo.org/de/download/sicherheitshinweise/

-----------------------------------------------------------------------------------------------

References:

[1] High-Tech Bridge Advisory HTB23098 - https://www.htbridge.com/advisory/HTB23098 - Cross-Site Scripting (XSS) in Redaxo.
[2] Redaxo - http://www.redaxo.org/ - PHP MySQL Open Source Content Management System.
[3] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - international in scope and free for public use, CVE® is a dictionary of publicly known information security vulnerabilities and exposures.

-----------------------------------------------------------------------------------------------