what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

CMS Made Simple Cross Site Scripting

CMS Made Simple Cross Site Scripting
Posted May 8, 2010
Authored by Hanno Boeck | Site hboeck.de

CMS Made Simple versions 1.7.0 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2010-1482
SHA-256 | c234bcd08fbe8dd9ae72b6a0ca19941afe45cdaa2d5374ec53ee5e0ce5834ad3

CMS Made Simple Cross Site Scripting

Change Mirror Download
CMS Made Simple: backend cross site scripting (XSS), CVE-2010-1482

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1482
http://int21.de/cve/CVE-2010-1482-cmsmadesimple-xss-backend.html
http://blog.cmsmadesimple.org/2010/05/01/announcing-cms-made-simple-1-7-1-escade/

Description

CMS Made Simple 1.7.0 and earlier is vulnerable to cross site scripting in the
backend. The personal options page at admin/editprefs.php contains the field
date_format_string, which is not properly escaped and can be filled with
Javascript-code, e.g. "><script>alert(1)</script>.

As this page cannot be viewed by the admin or other users, this only allows
quite unlikely attack scenarios, so the impact should be considered very low.

Vendor has released 1.7.1, which filters out HTML-tags and restricts the field
size to 10 chars. Filtering out HTML-tags alone does not help, as one can
still use JavaScript event handlers (e.g. onMouseOver), but 10 chars doesn't
allow any useful code to be injected. The proper solution would be escaping
the output including quotes. So this is fixed, but it's not a very clean
solution.

Disclosure Timeline

2010-04-30: Vendor contacted
2010-04-30: Vendor replied
2010-05-01: Vendor released 1.7.1 with fix
2010-05-07: Published advisory

Credits

This vulnerability was discovered by Hanno Boeck, http://www.hboeck.de, of
schokokeks.org webhosting.

--
Hanno Böck Blog: http://www.hboeck.de/
GPG: 3DBD3B20 Jabber/Mail: hanno@hboeck.de

http://schokokeks.org - professional webhosting
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close