[opencms-dev] Alkacon OpenCms 'tree_files.jsp' Cross-Site Scripting Vulnerability

Claus Priisholm cpr at codedroids.com
Thu Feb 28 15:54:45 CET 2008


Seems to be an issue in the
org.opencms.workplace.explore.CmsTree.printError() method, which
eventually will output the "resource" parameter to a JavaScript code
block as a comment - but the included comment "tags" in the crafted
parameter value allow the payload to be executed:

<script language="JavaScript">
/*
Error reading folder "/*/ alert(document.cookie); /* /". Given filter 
was "ONLY_VISIBLE_NO_DELETED".
*/
function init() {
}
</script>

I guess it would be sufficient to stop printing the error message in 
printError()-method.

Jose.Delgado at londen-insurance.com wrote:
> Hello,
> 
>       Recently we ran into the following OpenCMS 7.0.3 reported issue...
> 
>       Report issue location @ http://www.securityfocus.com/bid/27986.
> 
> 
>       We are wondering if you have more information about it.
> 
> 
>       Thank you in advance for your help
> 
> 
>       Jose Delgado
>       Londen-Insurance
> 
> 

-- 
Claus Priisholm, CodeDroids ApS
Phone: +45 48 22 46 46
cpr (you know what) codedroids.com - http://www.codedroids.com
cpr (you know what) interlet.dk - http://www.interlet.dk
-- 
Javadocs and other OpenCms stuff: 
http://www.codedroids.com/community/opencms
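
The fix suggested in the message above, as an added example that is not part of the original post and is not OpenCms source code: it renders the error block the way the quoted output shows, renders it again with no request-derived text sent to the browser, and checks both for script code outside the comment. The class name, method names and the benign sample path are hypothetical.

```java
import java.util.logging.Logger;

// Added example, not OpenCms source; class and method names are hypothetical.
public class TreeErrorDemo {
    private static final Logger LOG = Logger.getLogger("TreeErrorDemo");

    // Behaviour described in the message: the request parameter is
    // concatenated into a /* ... */ comment inside the script block.
    static String renderVulnerable(String resource, String filter) {
        return "<script language=\"JavaScript\">\n/*\nError reading folder \""
            + resource + "\". Given filter was \"" + filter + "\".\n*/\n"
            + "function init() {\n}\n</script>";
    }

    // The suggested fix: send no request-derived text to the browser and keep
    // the detail in the server log (CR/LF replaced so the entry stays one line).
    // Nothing is echoed, so neither "*/" nor "</script>" needs escaping.
    static String renderHardened(String resource, String filter) {
        LOG.warning("Error reading folder \"" + resource.replaceAll("[\\r\\n]", "_")
            + "\", filter " + filter);
        return "<script language=\"JavaScript\">\nfunction init() {\n}\n</script>";
    }

    // Regression check: a JavaScript comment ends at the first "*/", so only
    // whitespace may sit between that point and the init() function.
    static boolean hasCodeOutsideComment(String page) {
        int open = page.indexOf("/*");
        if (open < 0) return false;
        int close = page.indexOf("*/", open + 2);
        int fn = page.indexOf("function init()");
        if (close < 0 || fn < close) return false;
        return !page.substring(close + 2, fn).trim().isEmpty();
    }

    public static void main(String[] args) {
        String filter = "ONLY_VISIBLE_NO_DELETED";
        // Parameter value taken from the output quoted in the message.
        String crafted = "/*/ alert(document.cookie); /* /";
        String benign = "/sites/default/"; // constructed sample path
        System.out.println("vulnerable, benign:  "
            + hasCodeOutsideComment(renderVulnerable(benign, filter)));
        System.out.println("vulnerable, crafted: "
            + hasCodeOutsideComment(renderVulnerable(crafted, filter)));
        System.out.println("hardened, crafted:   "
            + hasCodeOutsideComment(renderHardened(crafted, filter)));
    }
}
```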


