what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Micro CMS 1.0 b1 Cross Site Scripting

Micro CMS 1.0 b1 Cross Site Scripting
Posted Sep 29, 2010
Authored by Veerendra G.G | Site secpod.com

Micro CMS version 1.0 b1 suffers from a persistent cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | b0260c84437612099c38be3ddf9f0df6f04364d1941270c9ccb41aaa51af14f4

Micro CMS 1.0 b1 Cross Site Scripting

Change Mirror Download
##############################################################################

Title : Micro CMS Persistent Cross-Site Scripting Vulnerability.
Author : Veerendra G.G from SecPod Technologies (www.secpod.com)
Vendor : http://www.micro-cms.com/
Advisory : http://secpod.org/blog/?p=135
http://secpod.org/advisories/SECPOD_MicroCMS.txt
Version : Micro CMS 1.0 beta 1
Date : 09/28/2010

###############################################################################

SecPod ID: 1004 09/03/2010 Issue Discovered
09/05/2010 Vendor Notified
No Response from Vendor


Class: Persistent Cross-Site Scripting Severity: High


Overview:
---------
Micro CMS is prone to Persistent Cross-Site Scripting Vulnerability.

Technical Description:
----------------------
Micro CMS is prone to a Persistent Cross-Site vulnerability because it fails to
properly sanitize user-supplied input.

Input passed via the 'name' parameter(also in text-area) in a comment section
to "comments/send/" is not properly verified before it is returned to the
user. This can be exploited to execute arbitrary HTML and script code in a
user's browser session in the context of a vulnerable site. This may allow
the attacker to steal cookie-based authentication and to launch further attacks.

The exploit has been tested in Micro CMS 1.0 beta 1


Impact:
--------
Successful exploitation allows an attacker to execute arbitrary HTML and script
code in a user's browser session in the context of a vulnerable site.


Affected Software:
------------------
Micro CMS 1.0 beta 1 and prior


References:
-----------
http://www.micro-cms.com/
http://secpod.org/blog/?p=135
http://secpod.org/advisories/SECPOD_MicroCMS.txt


Proof of Concepts:
------------------
Add the following attack strings:
1. My XSS Test </legend><script> alert('XSS-Test')</script> <!--

OR

2. My XSS Test </legend><script> alert('XSS-Test')</script>

OR

3. <script> alert('XSS-Test')</script>

in "* Name" textbox in comment section and fill other sections properly.

NOTE : Some time above POC/Exploit will disable adding comments for that post.


Workaround:
-----------
Not available


Solution:
----------
Not available


Risk Factor:
-------------
CVSS Score Report:
ACCESS_VECTOR = NETWORK
ACCESS_COMPLEXITY = MEDIUM
AUTHENTICATION = NOT_REQUIRED
CONFIDENTIALITY_IMPACT = NONE
INTEGRITY_IMPACT = PARTIAL
AVAILABILITY_IMPACT = PARTIAL
EXPLOITABILITY = PROOF_OF_CONCEPT
REMEDIATION_LEVEL = UNAVAILABLE
REPORT_CONFIDENCE = CONFIRMED
CVSS Base Score = 5.8 (AV:N/AC:M/Au:NR/C:N/I:P/A:P)
CVSS Temporal Score = 5.2
Risk factor = High

Credits:
--------
Veerendra G.G of SecPod Technologies has been credited with the discovery of
this vulnerability.

Login or Register to add favorites

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close