Openengine LFI and XSS Vulnerability [0day]

  • Post author:
  • Reading time:1 mins read

SecPod Research Team has found one LFI (Local File Inclusion) and XSS flaw in Openengine CMS, which can be used to obtain
potentially sensitive information and execute arbitrary HTML, script code in a user’s browser session in the context of an affected site. The flaw lies in the ‘template’ parameter in “cms/website.php” while the web application processes the user-supplied input and renders the content back to the client’s browser. The flaw can be exploited to inject arbitrary HTML codes and steal cookies and so on.

More information on the flaws can be found here.

Share this article

This Post Has 2 Comments

  1. todd at packet storm

    Hey guys,

    We received a comment stating that this isn’t a valid local file inclusion vulnerability. Do you have any additional research/proof to share?

  2. Veerendra GG

    Hello Todd,

    Instead of /etc/passwd, we can include a PHP file that exists else where and the code gets executed.

    To test this:
    – Create phpinfo.php containing phpinfo() function and try, (magic quotes should be Off i.e magic_quotes_gpc = Off)

    This should work.

Comments are closed.