exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

wityCMS 0.6.1 Cross Site Scripting

wityCMS 0.6.1 Cross Site Scripting
Posted May 28, 2018
Authored by Nathu Nandwani

wityCMS version 0.6.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-11512
SHA-256 | cf35f62293a5c896e129d0813de47e7e5cdcf4189cc5ad8ec259e3deaca58794

wityCMS 0.6.1 Cross Site Scripting

Change Mirror Download
# Exploit Title: wityCMS 0.6.1 Persistent XSS on "Website's name" field
# Date: 05/28/2018
# Exploit Author: Nathu Nandwani
# Website: http://nandtech.co/
# Vendor Homepage: https://creatiwity.net/witycms
# Software Link: https://github.com/Creatiwity/wityCMS/releases/tag/0.6.1
# Version: 0.6.1
# Tested on: Windows 10 x64 (XAMPP, Chrome)
# CVE: CVE-2018-11512

*Description

A persistent/stored cross-site scripting (XSS) vulnerability in the "Website's name" field found in the "Settings" page under the "General" menu in Creatiwity wityCMS 0.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to admin/settings/general.

*Proof of Concept

1. Attacker logs in as an administrator of the site.
2. Attacker visits the Administrator page and clicks on the general options then settings menu.
3. Attacker enters the script below in the "Website's name" field:
<scri<script>pt>alert(1)</scri</script>pt>
Note: The "script" tag is being filtered but not recursively so having the first tag stripped off will still execute the one being combined.
3. Once the "Save" button is clicked, the payload will execute.
4. When an unauthenticated user visits the home page, the payload will also execute.

*Mitigation

See https://github.com/Creatiwity/wityCMS/commit/7967e5bf15b4d2ee6b85b56e82d7e1229147de44

Timeline

2018-05-27-Vulnerability reported to wityCMS development team
2018-05-27-CVE requested from mitre.org
2018-05-28-wityCMS development team acknowledges and will be pushing the fix for production on 0.6.2
2015-05-28-CVE published by mitre: https://twitter.com/CVEnew/status/1001093385929805831

Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close