[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Multiple Vulns in Bitrix CMS

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Multiple Vulns in Bitrix CMS
From: Gogi The Georgian <gogi__@xxxxxxx>
Date: Thu, 18 May 2006 09:03:14 +0400

Multiple Vulns in Bitrix CMS
Vendor bitrix.com
Version The latest one (4.1.x)
Severity Medium
Patched: No

Multiple vulnerabilities discovered in Bitrix CMS. A remote attacker can 
conduct XSS attacks and compromise vulnerable system. 
1.      A remote attacker can get information about version history and latest 
installed version of Bitrix CMS by viewing the /bitrix/updates/updater.log file.
Ex: http://www.bitrix.ru/bitrix/updates/updater.log
2.      XSS vulnerability exists in handling of redirects in the auth form (and 
possibly other forms) during HTTP POST request. Remote user can set the 
back_url hidden field to remote site and redirect victim to a malicious Web 
page. 
3.      Script injection vulnerability exists in administrative interface in 
handling of HTML strings.
Ex: &quot;&gt;&lt;script&gt;alert('XSS')&lt;/script&gt; will be interpreted as 
"><script>alert('XSS') </script> and executed. (tested with mozilla firefox)
4.      Vulnerability exists in the Update functionality of Bitrix CMS. Remote 
attacker can poison DNS cache of victims system and force it to connect to a 
malicious Web server. Bitrix update client does not even try to validate the 
server it connects to. A remote attacker can get md5 hash of the Key product, 
detailed information about the system and install and later execute malicious 
PHP scripts. 

Gogi The Georgian

Prev by Date: CodeScan Advisory: Avatar MOD v1.3 for Snitz Forums v3.4 - Arbitrary File Upload
Next by Date: [cosmoshop again] sql injection + view all files as admin user
Previous by thread: CodeScan Advisory: Avatar MOD v1.3 for Snitz Forums v3.4 - Arbitrary File Upload
Next by thread: [cosmoshop again] sql injection + view all files as admin user
Index(es):
- Date
- Thread