Textpattern CMS version 4.2.0 suffers from a cross-site scripting vulnerability.
dfd74462ca449e44ea96a803fec91e74f488f325e663ca8a1504db6bf23bdda4
Textpattern 4.2.0 (txplib_db) Null Termination Cross-Site Scripting Vulnerability
Vendor: Team Textpattern
Product web page: http://www.textpattern.com
Affected version: 4.2.0
Summary: Textpattern is an open source content management system
unlike any other; it allows you to easily create, edit and publish
content and make it beautiful in a professional, standards-compliant
manner.
Desc: Textpattern CMS version 4.2.0 suffers from an XSS vulnerability.
Input passed via the "q" parameter to the Textpattern (TXP) Tag Library
(txplib_db.php) is not properly sanitised before being returned to
the user. This can be exploited to execute arbitrary HTML and script
code in a user's browser session in the context of an affected site.
Tested on: Microsoft Windows XP Professional SP3 (EN)
PHP 5.3.0
MySQL 5.1.36
Apache 2.2.11 (Win32)
Vendor status: [05.09.2010] Vulnerability discovered.
[05.09.2010] Initial contact with the vendor.
[07.09.2010] No reply from vendor.
[08.09.2010] Public advisory released.
Vulnerability discovered by: Gjoko 'LiquidWorm' Krstic
Zero Science Lab - http://www.zeroscience.mk
liquidworm gmail com
Zero Science Lab Advisory ID: ZSL-2010-4963
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4963.php
PoC:
http://127.0.0.1/?q=%00<script>alert(document.cookie)</script>
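The description above boils down to a search term being echoed into the page without output encoding, with a leading NUL byte in front of the markup. The PHP below is an added illustration, not Textpattern's code and not part of the original advisory: it contrasts a constructed vulnerable echo with a hardened version (NUL bytes stripped, value HTML-encoded for its context) and adds a small log-review check for the same pattern. The function names, the sample input and the heading markup are assumptions for illustration only; txplib_db.php internals are not reproduced.

```php
<?php
// Added example (not Textpattern's own code). Names and markup are assumed.

declare(strict_types=1);

// Constructed vulnerable pattern: the raw "q" value is interpolated into
// HTML, so any markup carried in the parameter is rendered by the browser.
function render_search_heading_vulnerable(string $q): string
{
    return '<h2>Search results for "' . $q . '"</h2>';
}

// Hardened pattern: remove NUL bytes first (several string and filter
// routines treat NUL as a terminator, so characters after it can slip past
// a check that only looks at the "visible" prefix), then encode the value
// for the HTML text context it is placed in.
function render_search_heading_safe(string $q): string
{
    $q = str_replace("\0", '', $q);
    $q = htmlspecialchars($q, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<h2>Search results for "' . $q . '"</h2>';
}

// Log-review heuristic for access logs or a request filter: flag a raw
// query string whose "q" parameter contains a NUL byte or angle brackets.
// parse_str() performs the percent-decoding, so %00 becomes "\0".
function search_query_looks_suspicious(string $rawQueryString): bool
{
    parse_str($rawQueryString, $params);
    $q = (string) ($params['q'] ?? '');
    return strpos($q, "\0") !== false || strpbrk($q, '<>') !== false;
}

// Constructed sample input modelled on the advisory's PoC parameter.
$sample = "\0<script>alert(document.cookie)</script>";

echo "Vulnerable: ", render_search_heading_vulnerable($sample), PHP_EOL;
echo "Hardened:   ", render_search_heading_safe($sample), PHP_EOL;

// Constructed query strings: one benign, one matching the advisory's shape.
foreach (['q=textpattern', 'q=%00%3Cscript%3Ealert(1)%3C/script%3E'] as $qs) {
    printf("%-45s suspicious=%s\n", $qs,
        search_query_looks_suspicious($qs) ? 'yes' : 'no');
}
```

The hardened function encodes at the point of output rather than at input, because the same search term may later be placed in an attribute, a URL or a database query, each needing a different escaping rule; the NUL strip is separate from the encoding because `htmlspecialchars()` leaves NUL bytes in place.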