Contributed by: Lauren Gerber
Date: August 7, 2009

Look Out For The OpenCms Fault

 

Having your own website is a dream come true for many people. Having your own website that generates income and operates as your own functional business is a fantasy come true for those lucky people that get it right. There are so many different aspects to websites, including updating and maintaining the content. If you are looking for the right software to use, that is able to handle the content of a website effectively and is user friendly at the same time, look no further because OpenCms may just be exactly what you need. The only problem is that OpenCms is currently at risk, due to a vulnerability that was recently discovered in the program.

Why is OpenCms vulnerable? The answer to this question may seem quite complicated at first, but it is fairly simple. There are scripts within OpenCms that do not correctly filter HTML code out of the input supplied by the user. A hacker could create a manipulated URL which, when loaded by an unsuspecting user, will result in arbitrary scripting code being executed by the user's browser. A hacker could also inject arbitrary HTML into particular frames in order to conduct malicious phishing attacks.
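The filtering gap described above, as an added example that is not OpenCms code or part of the original article: a page template that echoes a request value unchanged, next to the same template with the value HTML-encoded at output time. It is written in Java because OpenCms is a Java application; the class, the method names, the "title" parameter and the sample values are all constructed for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;

public class ReflectedOutputDemo {

    // Encode the five characters that can change HTML structure in element
    // content or in a quoted attribute value.
    static String escapeHtml(String input) {
        StringBuilder out = new StringBuilder(input.length() + 16);
        for (int i = 0; i < input.length(); i++) {
            char c = input.charAt(i);
            switch (c) {
                case '&': out.append("&amp;"); break;
                case '<': out.append("&lt;"); break;
                case '>': out.append("&gt;"); break;
                case '"': out.append("&quot;"); break;
                case '\'': out.append("&#39;"); break;
                default: out.append(c);
            }
        }
        return out.toString();
    }

    // "Before": the request value is concatenated into the page unchanged,
    // so any markup in it becomes part of the document the browser parses.
    static String renderUnfiltered(String title) {
        return "<h1>" + title + "</h1><input name=\"title\" value=\"" + title + "\">";
    }

    // "After": the same template with the value encoded at output time,
    // so the browser displays it as text instead of interpreting it.
    static String renderEncoded(String title) {
        String safe = escapeHtml(title);
        return "<h1>" + safe + "</h1><input name=\"title\" value=\"" + safe + "\">";
    }

    public static void main(String[] args) {
        // Constructed sample values for a hypothetical "title" parameter.
        Map<String, String> samples = new LinkedHashMap<>();
        samples.put("plain text", "Summer sale");
        samples.put("markup in value", "<b>bold</b>");
        samples.put("quote in value", "\" data-x=\"1");
        for (Map.Entry<String, String> e : samples.entrySet()) {
            System.out.println("-- " + e.getKey());
            System.out.println("unfiltered: " + renderUnfiltered(e.getValue()));
            System.out.println("encoded:    " + renderEncoded(e.getValue()));
        }
    }
}
```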

The code, coming from the site running the OpenCms software, will then run within the security context of that specific site. This will unfortunately result in the code being able to gain access to the cookies that are associated with the OpenCms site on the targeted user's computer. The code will also be able to access data that the target user submitted to the OpenCms site via web form.

This is not the only thing that can happen. A hacker could also perform actions on the site, impersonating the target user. This obviously means that the hacker will be able to see all of the target user's personal information and anything else site-related that may be private.

This vulnerability can be exploited, regardless of what operating system you are using. It affects Linux, UNIX as well as the Windows operating system. This includes Windows XP which, just so you know, contains these files: activate.exe, apimon.exe and b57xp32.sys. You may be wondering if there is a solution to this vulnerability. I am sorry to have to tell you that there is no solution to this vulnerability right now but that does not mean there will not be one in the future.

User Comments

Achim Westermann August 8, 2009
This article contains major parts of general knowledge about x-site scripting. When it comes to "apimon.exe" I really have no clue how this relates to OpenCms. You should take a closer look at those reported vulnerabilities and, in the best case, try to reproduce them before writing. Matter of fact: you have to log in to OpenCms with admin credentials before you could use those links. It will not work to spread those links to users that do not have a login to the OpenCms workplace.