WebStudio Multiple XSS Vulnerabilities

2007-06-06 / 2007-06-07
Risk: Low
Local: No
Remote: Yes
CWE: CWE-79


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

Application: WebStudio CMS Vendors Url: http://www.bdigital.biz Bug Type: Multiple URL Handling Remote Cross-Site Scripting Vulnerabilities Exploitation: Remote Severity: Less Critical Solution Status: Unpatched Introduction: WebStudio CMS is a web-based CMS system Google Dork: "Powered by WebStudio" Description: User-supplied input passed via the URL is not properly sanitised before it is being returned to the user in index.php?pageid=. This can be exploited to execute arbitrary script code in the security context of an affected website, as a result the code will be able to access any of the target user's cookies, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user. PoC: http://[target]/?pageid=[XSS] http://[target]/?pageid=</textarea>[XSS] http://[target]/?pageid=</title>[XSS] http://[target]/?pageid=-->[XSS] http://[target]/?pageid=email (at) address (dot) com [email concealed][XSS]domain.com http://[target]/?pageid=<body+onload=[XSS] http://[target]/?pageid=</div>[XSS] http://[target]/index.php?pageid=>'>[XSS] http://[target]/index.php?pageid=</textarea>[XSS] http://[target]/index.php?pageid=</title>[XSS] http://[target]/index.php?pageid=-->[XSS] http://[target]/index.php?pageid=email (at) address (dot) com [email concealed][XSS]domain.com http://[target]/index.php?pageid=<body+onload=[XSS] http://[target]/index.php?pageid=</div>[XSS] Solution: There was no vendor-supplied solution at the time of entry. Edit source code manually to ensure user-supplied input is correctly sanitised. Filter malicious characters and character sequences via a HTTP proxy or firewall with URL filtering capabilities. Credits: Glafkos Charalambous glafkos (at) infosec (dot) org (dot) uk Information Security Uncensored InfoSEC.org.uk


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top