FYI - Found possible new CMSMS Vulnerability
- johnbmcdonald
- Forum Members
- Posts: 60
- Joined: Mon May 14, 2007 8:01 pm
- Location: Edmond, OK, USA
FYI - Found possible new CMSMS Vulnerability
http://secwatch.org/advisories/1019900/
Bugtraq ID: BID#27074
Description:
An input validation vulnerability in the TinyMCE module for CMS Made Simple has been reported, which can be exploited by remote users to conduct SQL injection attacks.
User-supplied input passed to the "templateid" parameter in the modules/TinyMCE/content_css.php script is not correctly sanitised before being used in a SQL query. This can be exploited by a specially crafted parameter value to execute arbitrary SQL commands on the underlying database.
Affected:
CMS Made Simple version 1.2.2. Other versions may also be affected.
Proof of Concept:
SQL Injection:
http://[target]/modules/TinyMCE/content_css.php?templateid=[SQL]
Solution:
There was no vendor-supplied solution at the time of entry.
Edit source code manually to ensure user-supplied input is correctly sanitised.
Filter malicious characters and character sequences via an HTTP proxy or firewall with URL filtering capabilities.
Credits:
EgiX
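The advisory's "edit source code manually" advice, sketched as an added example that is not part of the original post or the CMS Made Simple code base: the concatenation pattern it describes next to a hardened lookup that validates "templateid" as an integer and binds it as a parameter. The table and column names, the function names and the sample inputs are hypothetical, and it assumes a current PHP with PDO and the SQLite driver.

```php
<?php
declare(strict_types=1);

// Hypothetical schema standing in for the template store; constructed sample data.
function make_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE templates (template_id INTEGER PRIMARY KEY, stylesheet TEXT)');
    $db->exec("INSERT INTO templates VALUES (7, 'body { margin: 0; }')");
    return $db;
}

// Pattern the advisory describes: the raw parameter becomes part of the SQL text.
// Shown only for contrast; it is never called below.
function stylesheet_unsafe(PDO $db, string $templateid): ?string {
    $row = $db->query("SELECT stylesheet FROM templates WHERE template_id = $templateid")->fetch();
    return $row ? $row['stylesheet'] : null;
}

// Hardened form: accept only a short run of decimal digits, then bind it as an integer.
function stylesheet_safe(PDO $db, $templateid): ?string {
    if (!is_string($templateid) || !ctype_digit($templateid) || strlen($templateid) > 9) {
        return null; // arrays, signs, spaces, quotes and empty strings are all rejected
    }
    $stmt = $db->prepare('SELECT stylesheet FROM templates WHERE template_id = :id');
    $stmt->bindValue(':id', (int) $templateid, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ? $row['stylesheet'] : null;
}

$db = make_db();
// Constructed inputs: a valid id, an unknown id, and several malformed values.
foreach (['7', '8', '7abc', '', ' 7', ['7']] as $input) {
    $css = stylesheet_safe($db, $input);
    echo var_export($input, true), ' => ', $css === null ? 'rejected or not found' : $css, "\n";
}
```

Validation and binding are both applied here on purpose: the type check rejects malformed requests early, and the bound parameter keeps the value out of the SQL text even if the check is later loosened.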
Re: FYI - Found possible new CMSMS Vulnerability
vendor supplied hotfix available now
http://cmsmadesimple.org/pastebin/1440
or uninstall tinymce and remove its files
Re: FYI - Found possible new CMSMS Vulnerability
Hello,
thank you for reporting and thanks devs for the hot fix.
johnbmcdonald wrote: Filter malicious characters and character sequences via (...) URL filtering capabilities.
...as described in CMSms documentation about URL filtering:
http://wiki.cmsmadesimple.org/index.php ... l_Settings
Pierre M.
- johnbmcdonald
- Forum Members
- Posts: 60
- Joined: Mon May 14, 2007 8:01 pm
- Location: Edmond, OK, USA
Re: FYI - Found possible new CMSMS Vulnerability
You're welcome. I am glad to help where I can.
BTW: I just ran across another page that was modified.
http://www.cmsmadesimple.org/features
John
Re: FYI - Found possible new CMSMS Vulnerability
That is a pity, some more work to do:
the development\roadmap has been changed as well.
Re: FYI - Found possible new CMSMS Vulnerability
johnbmcdonald wrote: BTW: I just ran across another page that was modified.
http://www.cmsmadesimple.org/features
Yes, I have seen.
And I have tried http://www.cmsmadesimple.org/features?s ... d.site.tld
and it is fixed in between (but not filtered). Funny
Re: FYI - Found possible new CMSMS Vulnerability
I think the template itself was changed not individual pages...
Re: FYI - Found possible new CMSMS Vulnerability
Hello,
I just came across cmsms today and downloaded 1.2.3 (after trying many others)
Then I came across this thread.
Can anyone tell me if 1.2.3 is now clear as far as the SQL injection, or do I still need to disable or remove tiny mce?
I really feel for the dev team, because I am so impressed by the package when compared with drupal/joomla.
Thank you for any advice.
-
- Support Guru
- Posts: 8169
- Joined: Tue Oct 19, 2004 6:44 pm
- Location: Fernie British Columbia, Canada
Re: FYI - Found possible new CMSMS Vulnerability
1.2.3 is the 'fixed version'. It takes care of the aforementioned SQL injection vulnerability.
Go ahead, install, play around.
Follow me on twitter
Please post system information from "Extensions >> System Information" (there is a bbcode option) on all posts asking for assistance.
--------------------
If you can't bother explaining your problem well, you shouldn't expect much in the way of assistance.
Re: FYI - Found possible new CMSMS Vulnerability
Thanks very much for the quick reply. Much appreciated.
So is it ok to enable/use the tinymce editor with 1.2.3?
Thanks again.
-
- Support Guru
- Posts: 8169
- Joined: Tue Oct 19, 2004 6:44 pm
- Location: Fernie British Columbia, Canada
Re: FYI - Found possible new CMSMS Vulnerability
Yes, 1.2.3 fixed the vulnerability in Tiny.
Re: FYI - Found possible new CMSMS Vulnerability
Thank you very much for clarifying that.
Looking forward to becoming familiar with cmsms, maybe asking a few questions, and then hopefully giving a bit back to the community.
Cheers.