ZeroCMS v1.0 Cross-Site Scripting Vulnerability
Vendor: Another Awesome Stuff
Product web page: http://www.aas9.in/zerocms
Affected version: 1.0
Severity: Medium
CVE: CVE-2014-4195
Date: 20/06/2014
Discovered by: Filippos Mastrogiannis (@filipposmastro)
ZeroCMS is a very simple Content Management System Built using PHP and MySQL.
Description: ZeroCMS v1.0 is vulnerable to Cross-Site Scripting (XSS)
A cross site scripting vulnerability identified in the variable: "article_id" of
the "zero_view_article.php" file which allows an attacker to execute arbitrary
script code in the browser of an unsuspecting user in the context of the affected site.
This allows several different attack opportunities, mostly hijacking the
current session of the user or changing the look of the page by changing
the HTML on the fly to steal the user's credentials. This happens
because the user input is interpreted as HTML/JavaScript by the browser.
Proof Of Concept:
In order to trigger the vulnerability and to display an alert box with the session
cookie use the following standard payload:
http://localhost/zerocms/zero_view_article.php?article_id=<script>alert(document.cookie);</script>