SyndeoCMS 3.0.01 Cross Site Scripting

2012.04.01
Credit: Ivano Binetti
Risk: Low
Local: No
Remote: Yes
CWE: CWE-79


CVSS Base Score: 3.5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 6.8/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Single time
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

+---------------------------------------------------------------------------------------------------------------------------------+
# Exploit Title     : SyndeoCMS <= 3.0.01 Persistent XSS
# Date              : 29-03-2012
# Author            : Ivano Binetti (http://ivanobinetti.com)
# Vendor site       : http://www.syndeocms.org/
# Software link     : http://sourceforge.net/projects/syndeocms
# Version           : 3.0.01 and lower
# Tested on         : Debian Squeeze (6.0)
# CVE               : CVE-2012-1979
# Original Advisory : http://www.webapp-security.com/2012/03/syndeocms/
+---------------------------------------------------------------------------------------------------------------------------------+
Summary

1)Introduction
2)Description
3)Exploit
+---------------------------------------------------------------------------------------------------------------------------------+

1)Introduction

SyndeoCMS is a "Content Management System (CMS) for primary schools, which helps you manage and maintain your website. It can also
be a very useful CMS for small companies or non profit organizations".

2)Description

SyndeoCMS 3.0.01 (and lower) is prone to a persistent XSS vulnerability due to improper input sanitization of the "email" parameter,
passed to server-side logic (path: "starnet/index.php") via the HTTP POST method.
By exploiting this vulnerability, an authenticated user who is able to change their profile settings could insert arbitrary code in
the "Site email" field, which will be executed when another admin or user clicks on that user's profile.

3)Exploit

Insert the following code in the "Email address" field under
"starnet/index.php?option=configuration&suboption=users&modoption=edit_user&user_id=<user_id_number>":

    email@email.com"><script>alert(document.cookie)</script>

+---------------------------------------------------------------------------------------------------------------------------------+
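
The remediation pattern for the flaw described above, as an added example (not SyndeoCMS code and not part of the original advisory): validate the "email" value when it is submitted and HTML-encode it every time it is rendered. The function names are hypothetical, and the sample address teacher@example.org is constructed.

```php
<?php
// Added example: hypothetical helpers, not taken from the SyndeoCMS source.

// Input side: accept the profile value only if it is a syntactically valid
// e-mail address. Returns the address, or null when it must be rejected.
function validate_profile_email(string $raw): ?string
{
    $email = filter_var(trim($raw), FILTER_VALIDATE_EMAIL);
    return $email === false ? null : $email;
}

// Output side: encode the stored value for an HTML attribute context on every
// render. ENT_QUOTES encodes both quote characters, so the value cannot close
// the value="..." attribute and open a new tag.
function render_email_field(string $stored): string
{
    $safe = htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="email" value="' . $safe . '">';
}

// The value from the advisory's "Exploit" section, used as a regression input.
$submitted = 'email@email.com"><script>alert(document.cookie)</script>';

// 1) Validation refuses the value before it reaches storage,
//    while an ordinary address (constructed sample) is accepted.
var_dump(validate_profile_email($submitted));
var_dump(validate_profile_email('teacher@example.org'));

// 2) Output encoding still matters: rows saved before the fix may already hold
//    markup, and syntactically valid addresses can contain quote characters in
//    a quoted local part. Encoded, the value renders as inert text.
echo render_email_field($submitted), PHP_EOL;
```

Validation on input limits what gets stored; encoding on output is what stops stored values from being interpreted as markup in another user's browser.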

References:

http://sourceforge.net/projects/syndeocms
http://www.webapp-security.com/2012/03/syndeocms/

