source: https://www.securityfocus.com/bid/52666/info

Open Journal Systems is prone to the following multiple vulnerabilities because the software fails to sufficiently sanitize user-supplied input:

1. An arbitrary-file-deletion vulnerability
2. A security vulnerability
3. An arbitrary-file-upload vulnerability
4. Multiple cross-site scripting vulnerabilities

An attacker may leverage these issues to execute arbitrary script code, upload arbitrary files, and execute arbitrary code with administrative privileges. These issues may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Open Journal Systems 2.3.6 is vulnerable; other versions may also be affected.

On the following URL:
http://www.example.com/index.php/[journal]/author/submit/3?articleId=[id]
the attacker should inject malicious scripting code into the "Bio Statement" or "Abstract of Submission" fields:
<img src="x"/onerror=alert(document.cookie)>
or (browser specific):
<img style="width:expression(alert(document.cookie));"></a>
The stored XSS will be displayed here:
http://www.example.com/index.php/[submission]/author/submission/[id]
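
A mitigation sketch for the stored XSS described above, added here and not taken from the advisory or from OJS: an allowlist sanitizer for fields that accept limited HTML, such as "Bio Statement" and "Abstract of Submission". The allowlist, the names `FieldSanitizer` and `sanitize`, and the benign sample are assumptions.

```python
from html import escape
from html.parser import HTMLParser

# Assumed allowlist for a limited-HTML field; not OJS's actual policy.
ALLOWED = {"p": (), "br": (), "em": (), "strong": (), "a": ("href",)}
VOID = {"br"}
SAFE_SCHEMES = ("http://", "https://", "mailto:")  # relative links are dropped too
class FieldSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.open = [], []
    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED:
            return  # unknown element (img, script, ...): drop the tag itself
        kept = ""
        for name, value in attrs:
            # on* handlers and style never match the per-tag allowlist; href
            # (the only allowed attribute) must also start with a safe scheme.
            if name in ALLOWED[tag] and value and value.strip().lower().startswith(SAFE_SCHEMES):
                kept += f' {name}="{escape(value.strip())}"'
        self.out.append(f"<{tag}{kept}>")
        if tag not in VOID:
            self.open.append(tag)

    def handle_endtag(self, tag):
        if tag not in self.open:
            return  # stray close tag, e.g. the </a> in the second sample
        while self.open:
            closed = self.open.pop()
            self.out.append(f"</{closed}>")
            if closed == tag:
                break

    def handle_data(self, data):
        self.out.append(escape(data, quote=False))

def sanitize(fragment):
    parser = FieldSanitizer()
    parser.feed(fragment)
    parser.close()
    while parser.open:  # close whatever the input left open
        parser.out.append(f"</{parser.open.pop()}>")
    return "".join(parser.out)

# The two strings quoted in the advisory, plus a constructed benign bio.
ADVISORY_SAMPLES = [
    '<img src="x"/onerror=alert(document.cookie)>',
    '<img style="width:expression(alert(document.cookie));"></a>',
]
BENIGN = '<p style="color:red">See <a href="https://example.com/cv">my CV</a> &amp; more'
```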