[opencms-dev] Alkacon OpenCms 'tree_files.jsp' Cross-Site Scripting Vulnerability
Claus Priisholm
cpr at codedroids.com
Thu Feb 28 15:54:45 CET 2008
Seems to be an issue in the
org.opencms.workplace.explore.CmsTree.printError() method, which
eventually will output the "resource" parameter to a JavaScript code
block as a comment - but the included comment "tags" in the crafted
parameter value allow the payload to be executed:
<script language="JavaScript">
/*
Error reading folder "/*/ alert(document.cookie); /* /". Given filter
was "ONLY_VISIBLE_NO_DELETED".
*/
function init() {
}
</script>
I guess it would be sufficient to stop printing the error message in
the printError() method.
Jose.Delgado at londen-insurance.com wrote:
> Hello,
>
> Recently we ran into the following OpenCMS 7.0.3 reported issue...
>
> Report issue location @ http://www.securityfocus.com/bid/27986.
>
>
> We are wondering if you have more information about it.
>
>
> Thank you in advance for your help
>
>
> Jose Delgado
> Londen-Insurance
>
>
--
Claus Priisholm, CodeDroids ApS
Phone: +45 48 22 46 46
cpr (you know what) codedroids.com - http://www.codedroids.com
cpr (you know what) interlet.dk - http://www.interlet.dk
--
Javadocs and other OpenCms stuff:
http://www.codedroids.com/community/opencms
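
The comment breakout described in the message above, with two ways to close it, as an added example that is not part of the original post and is not OpenCms source. Class and method names are hypothetical; the parameter value is the one quoted in the message.

```java
// Added illustration: class and method names are hypothetical, not OpenCms source.
public class CommentBreakoutDemo {

    // Page skeleton as shown in the post: the message sits inside a JS block comment.
    static String wrap(String message) {
        return "<script language=\"JavaScript\">\n/*\n" + message
             + "\n*/\nfunction init() {\n}\n</script>";
    }

    // Pattern described in the post: the parameter is copied in verbatim.
    static String printErrorUnsafe(String resource) {
        return wrap("Error reading folder \"" + resource + "\".");
    }

    // Fix suggested in the post: do not print the request value at all.
    static String printErrorSilent() {
        return wrap("Error reading folder.");
    }

    // Alternative if the value must stay visible: allowlist encoding. '*' and '<'
    // are not on the list, so neither "*/" nor "</script>" can survive.
    static String neutralise(String value) {
        StringBuilder out = new StringBuilder();
        for (char c : value.toCharArray()) {
            boolean allowed = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z')
                           || (c >= '0' && c <= '9') || "/._- ".indexOf(c) >= 0;
            out.append(allowed ? String.valueOf(c) : String.format("%%%02X", (int) c));
        }
        return out.toString();
    }

    static String printErrorEncoded(String resource) {
        return wrap("Error reading folder \"" + neutralise(resource) + "\".");
    }

    // Number of comment terminators in the output; exactly one is expected.
    static int terminators(String page) {
        return page.split("\\*/", -1).length - 1;
    }

    public static void main(String[] args) {
        String resource = "/*/ alert(document.cookie); /* /"; // value quoted in the post
        for (String page : new String[] { printErrorUnsafe(resource),
                printErrorSilent(), printErrorEncoded(resource) }) {
            System.out.println(page);
            System.out.println("comment terminators: " + terminators(page) + "\n");
        }
    }
}
```

A terminator count above one in rendered output means request data closed the comment early, which makes the same count usable as a regression check on the error page.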