Elkapax CMS Cross site scripting vulnerability

================= IUT-CERT =================

Title: Elkapax CMS Multiple Vulnerabilities

Vendor: www.elkapax.com

Type: Input.Validation.Vulnerability (Cross Site Scripting)

Fix: N/A

================== nsec.ir =================

Description:

------------------

Elkapax is a CMS producer in Iran. The search page in the Elkapax CMS product is vulnerable to XSS.

Vulnerability Variant:

------------------

Cross Site Scripting vulnerability in the "q" parameter of the Search page.

http://example.com/?q=<script>alert(123)</script>&mode=2


Solution:

------------------

Input validation of Parameter "q" should be corrected.

Credit:

------------------

Isfahan University of Technology - Computer Emergency Response Team

Thanks to : N. Fathi, E. Jafari, M. R. Faghani
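
As an added illustration of what correcting the handling of "q" involves (this is not Elkapax code and not part of the original advisory), the sketch below renders a stand-in search page twice: once reflecting the parameter unchanged, and once with output encoding plus validation of "mode". The template, the allowed mode values, the length limit and the second request URL are assumptions made for the example.

```python
import html
from urllib.parse import urlsplit, parse_qs

# Hypothetical template standing in for the CMS search page (not Elkapax code).
PAGE = (
    '<form action="/" method="get">'
    '<input type="text" name="q" value="{q_attr}">'
    '<input type="hidden" name="mode" value="{mode}"></form>'
    '<p>Results for: {q_text}</p>'
)

ALLOWED_MODES = {"1", "2"}   # assumed set of valid search modes
MAX_QUERY_LEN = 200          # assumed upper bound for a search term


def parse_search(url):
    """Extract q and mode from a request URL; parse_qs percent-decodes values."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return params.get("q", [""])[0], params.get("mode", ["1"])[0]


def render_vulnerable(url):
    """Reflects q unchanged, which is the behaviour the advisory reports."""
    q, mode = parse_search(url)
    return PAGE.format(q_attr=q, q_text=q, mode=mode)


def render_hardened(url):
    """Validate what has a fixed shape, encode everything that is echoed."""
    q, mode = parse_search(url)
    if mode not in ALLOWED_MODES:
        mode = "1"                     # fall back instead of echoing the input
    q = q[:MAX_QUERY_LEN]
    # quote=True also encodes " and ', so the value stays inside the attribute
    # as well as being inert in the element body.
    safe = html.escape(q, quote=True)
    return PAGE.format(q_attr=safe, q_text=safe, mode=mode)


# The request from the advisory, and a constructed legitimate search that
# contains quotes and an ampersand together with an out-of-range mode.
ADVISORY_URL = "http://example.com/?q=<script>alert(123)</script>&mode=2"
QUOTED_URL = "http://example.com/?q=%22tom+%26+jerry%22&mode=9"

if __name__ == "__main__":
    for url in (ADVISORY_URL, QUOTED_URL):
        print(render_vulnerable(url))
        print(render_hardened(url))
```

Encoding at output keeps legitimate searches containing quotes or angle brackets working, which rejecting such characters at input would not.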


Replies to this exploit:

From: security curmudgeon jericho@attrition.org
Sent: Wed 19. Aug 2009 05:09
: Title: Elkapax CMS Multiple Vulnerabilities
: 
: Vendor: www.elkapax.com

: Fix: N/A

: Elkapax is a CMS producer in Iran. Search page in Elkapax CMS
: 
: product are vulnerable to XSS vulnerability.
: 
: Cross Site Scripting vulnerability in  Search page in "q" parameter.
: 
: http://example.com/?q=<script>alert(123)</script>&mode=2
: 
: Solution:
: 
: Input validation of Parameter "q" should be corrected.
: 
: Credit:
: 
: Isfahan University of Technology - Computer Emergency Response Team
: 
: Thanks to : N. Fathi, E. Jafari, M. R. Faghani

So a University of Technology maintains a CERT team, that discloses the 
most basic of XSS flaws, and you cannot even figure out which script is 
affected?

You thank three people, presumably for help in this discovery or advisory. 
On top of that, you disclose this without a solution other than "sanitize 
input" in so many words.

I believe you have done worse than any of the random <script> pasting 
kiddies flooding the list for the last ten years.

- security curmudgeon

