[MajorSecurity SA-079] PHPKIT WCMS - Multiple stored Cross Site Scripting
Product: PHPKIT WCMS
Discovered by: David Vieira-Kurz of MajorSecurity
PHPKIT WCMS 1.6.5
Prior versions may also be vulnerable
"PHPKIT WCMS is a Content Management System."
We at MajorSecurity have discovered some vulnerabilities in PHPKIT WCMS
1.6.5, which can be exploited by malicious people to conduct persistent
cross-site scripting attacks. Input passed directly to the
"gbook_welcome" parameter in
"/de/pk/include.php?path=config&mode=guestbook" and to the
"rss_page_text" parameter in
"/de/pk/include.php?path=config&mode=rssfeed" is not properly sanitised
before being stored and returned to the user. This can be exploited to
execute arbitrary HTML and script code in a user's browser session in
the context of an affected site.
Web applications should never trust user-generated input and should
therefore sanitise all input. Edit the source code to ensure that input
is properly sanitised.
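The fix described above, as an added example that is not PHPKIT's own code: a stored setting rendered without encoding, next to the same value encoded for the HTML context at output time. Only the two parameter names come from the advisory; the $settings array, the function names and the sample values are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the stored settings (not PHPKIT's real schema).
// Constructed sample values containing markup and ordinary special characters.
$settings = [
    'gbook_welcome' => 'Welcome <script>alert(1)</script> & enjoy',
    'rss_page_text' => 'News "feed" <img src=x onerror=alert(1)>',
];

// Before: the stored value is concatenated into the page unchanged, so the
// browser parses any markup in it. This is the behaviour the advisory describes.
function render_unsafe(string $cssClass, string $stored): string
{
    return '<div class="' . $cssClass . '">' . $stored . '</div>';
}

// After: encode for the HTML context at output time. ENT_QUOTES also covers
// attribute values; ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning ''.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_safe(string $cssClass, string $stored): string
{
    return '<div class="' . e($cssClass) . '">' . e($stored) . '</div>';
}

foreach ($settings as $name => $stored) {
    $unsafe = render_unsafe($name, $stored);
    $safe   = render_safe($name, $stored);

    // Self-check: the text between the wrapper tags must hold no raw
    // markup characters once the stored value has been encoded.
    $inner = substr($safe, strpos($safe, '>') + 1, -strlen('</div>'));
    if (strpbrk($inner, '<>"') !== false) {
        throw new RuntimeException("unencoded markup in $name");
    }
    echo "unsafe: $unsafe\nsafe:   $safe\n\n";
}
```

Encoding on output rather than stripping on input keeps legitimate characters such as "&" and quotes intact in the stored value while still preventing the browser from interpreting them as markup.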
MajorSecurity is a German source code audit and penetration test company
which focuses on (web-)application security. We offer professional
source code audits, penetration tests and PCI DSS compliance tests. Visit
us at http://www.majorsecurity.net/source-code-audit.php