Vulnerability in MODx CMS
23:53 02.04.2008
In October, on 11.10.2007, I found a Cross-Site Scripting vulnerability in MODx CMS. It is a popular content management framework (CMF) and content management system (CMS). I found it just as I found the vulnerability on www.internetua.com.
XSS:
The vulnerability is in the index.php script, in the email parameter.
http://site/index.php?operation=subscribe&id=39&email=%3CBODY%20onload=alert(document.cookie)%3E
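The affected handler's code is not shown on this page, so the following is an added sketch, not code from MODx or from the add-on: it contrasts the unencoded reflection of the email parameter with a validated and output-encoded version. The function names and the response markup are assumptions made for illustration.

```php
<?php
// Added example: hypothetical subscribe handler, not MODx or add-on code.

/** Encode a value for an HTML text or attribute context. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Vulnerable pattern: the email parameter is reflected without encoding. */
function subscribe_vulnerable(array $query): string
{
    $email = $query['email'] ?? '';
    return '<p>Subscribed: ' . $email . '</p>';
}

/** Hardened pattern: validate both inputs, then encode on output anyway. */
function subscribe_hardened(array $query): string
{
    $id = filter_var($query['id'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    $email = filter_var($query['email'] ?? '', FILTER_VALIDATE_EMAIL);

    if ($id === false || $email === false) {
        // Rejected input is never echoed back into the page.
        return '<p>Invalid subscription request.</p>';
    }
    // Validation is not treated as the XSS defence; encoding is.
    return '<p>Subscribed: ' . h($email) . '</p>';
}

// Constructed sample inputs: the query string from the report, as PHP
// presents it after URL-decoding, and an ordinary address.
$reported = ['operation' => 'subscribe', 'id' => '39',
             'email' => '<BODY onload=alert(document.cookie)>'];
$ordinary = ['operation' => 'subscribe', 'id' => '39',
             'email' => 'user@example.com'];

echo subscribe_vulnerable($reported), PHP_EOL; // markup is reflected as-is
echo subscribe_hardened($reported), PHP_EOL;   // fails email validation
echo subscribe_hardened($ordinary), PHP_EOL;   // passes and is encoded
```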
Friday, 00:22 04.04.2008
This appears to be a site-specific exploit due to third party add-on email or newsletter code running on an older version of MODx. We cannot reproduce this with current MODx distributions.
Saturday, 23:50 05.04.2008
Ryan
Thanks for the fast reply. So this hole is not in the core of MODx, but in some third-party add-on (in this case, an add-on for email subscription). I’ll inform you about other vulnerabilities which I found at that site which is using MODx CMS.