BaseKit bug XSS Advisory

I contacted the company BaseKit.com 45 days ago to warn them about an XSS (Cross-Site Scripting) bug in their systems. They told me that it would be solved in 15 days, but 45 days have passed and the error still exists, so I've decided to publish it.

BaseKit.com is a company that sells a service for easily creating websites online with a visual editor. On their website they advertise that 228,000 web pages have been created using their system.

Their system uses an HTTP rewrite module, so a request never ends in an HTTP 404 error. Every requested URL is injected into the page source code as follows:

<link rel="stylesheet" type="text/css" href="http://DOMAIN.COM/PATH?startcss=true" />

PATH is not filtered in any way, so HTML code placed in the URL is copied into the page source code.

For example, with a URL as:

http://DOMAIN.COM/"><script>alert(document.cookie);</script>

It will be copied as:

<link rel="stylesheet" type="text/css" href="http://DOMAIN.COM/"><script>alert(document.cookie);</script>?startcss=true" />

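The injected quote and bracket close the href attribute and the link tag early, so the JavaScript code that follows is executed by the browser.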
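The following is an added example, not code from BaseKit or from the original advisory: it reproduces the unfiltered copy into the link tag shown above and sets it beside a version that percent-encodes the path and escapes it for the attribute, then parses both results to show which elements a browser would see. The function names are hypothetical, and Python is an assumption, since the advisory does not say what the server runs.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import quote

# The tag from the advisory, with the host and path left as fields.
TEMPLATE = '<link rel="stylesheet" type="text/css" href="http://{host}/{path}?startcss=true" />'

# Constructed sample input: the path portion of the URL in the advisory.
REQUEST_PATH = '"><script>alert(document.cookie);</script>'


def render_unfiltered(host, path):
    """Behaviour described in the advisory: PATH is copied verbatim."""
    return TEMPLATE.format(host=host, path=path)


def render_encoded(host, path):
    """Encode for the URL context first, then for the HTML attribute context."""
    url_path = quote(path, safe="/")  # '"', '<', '>' become %22, %3C, %3E
    return TEMPLATE.format(host=escape(host, quote=True),
                           path=escape(url_path, quote=True))


class ElementCollector(HTMLParser):
    """Records every start tag and its href, as an HTML parser sees them."""

    def __init__(self):
        super().__init__()
        self.elements = []

    def handle_starttag(self, tag, attrs):
        self.elements.append((tag, dict(attrs).get("href")))


def elements(markup):
    parser = ElementCollector()
    parser.feed(markup)
    parser.close()
    return parser.elements


if __name__ == "__main__":
    for render in (render_unfiltered, render_encoded):
        markup = render("DOMAIN.COM", REQUEST_PATH)
        print(render.__name__, "->", elements(markup))
```

In the unfiltered output the parser reports a `link` element whose href stops at `http://DOMAIN.COM/`, followed by a separate `script` element; in the encoded output the whole request path stays inside the href of a single `link` element.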

On the BaseKit.com website you can see examples of pages created with their system. You can check the bug on a real website with the following link:

http://www.instalcesped.com/"><script>alert(document.cookie);</script>
