Vulnerability in MODx CMS

23:53 02.04.2008

In October, on 11.10.2007, I found a Cross-Site Scripting vulnerability in MODx CMS. It is a popular content management framework (CMF) and content management system (CMS). This was right when I found a vulnerability on www.internetua.com.

XSS:

The vulnerability is in the index.php script, in the email parameter.

http://site/index.php?operation=subscribe&id=39&email=%3CBODY%20onload=alert(document.cookie)%3E
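
A defensive sketch of how a subscribe handler can treat the email parameter so that the request above is rejected and no input is reflected unencoded. This is an added example, not code from MODx or from the add-on; the names `render_subscribe` and `h` and the response text are hypothetical.

```php
<?php
// Added illustration: hypothetical subscribe handler, not MODx or add-on code.

/** Encode a value for an HTML text or attribute context. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Build the response for operation=subscribe.
 * Returns [HTTP status, HTML body]; the body never contains raw input.
 */
function render_subscribe(array $query): array
{
    $raw = $query['email'] ?? '';
    if (!is_string($raw)) {            // email[]=... arrives as an array
        return [400, '<p>Invalid e-mail address.</p>'];
    }
    $raw = trim($raw);

    // 1. Validate: a value that is not a syntactically valid address is
    //    rejected, and the error page does not echo it back.
    $email = filter_var($raw, FILTER_VALIDATE_EMAIL);
    if ($email === false || strlen($email) > 254) {
        return [400, '<p>Invalid e-mail address.</p>'];
    }

    // 2. Encode on output anyway: valid local parts may contain characters
    //    such as ' and &, so validation alone is not an output defence.
    return [200, '<p>Subscription request received for ' . h($email) . '.</p>'];
}

// Constructed sample inputs: the decoded email value from the URL above,
// and a valid address containing an apostrophe.
$samples = [
    '<BODY onload=alert(document.cookie)>',
    "o'brien@example.com",
];
foreach ($samples as $sample) {
    [$status, $body] = render_subscribe(['email' => $sample]);
    echo $status, ' ', $body, PHP_EOL;
}
```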


2 Responses to “Vulnerability in MODx CMS”

  1. Ryan Thrash says:

    This appears to be a site-specific exploit due to third party add-on email or newsletter code running on an older version of MODx. We cannot reproduce this with current MODx distributions.

  2. MustLive says:

    Ryan

    Thanks for the fast reply. So this hole is not in the core of MODx, but in some third party add-on (in this case an add-on for email subscription). I’ll inform you about other vulnerabilities which I found at that site, which is using MODx CMS.
