InstantCMS 1.10.2 Multiple vulnerabilities

2013.09.26
Credit: MustLive
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

Hello 3APA3A! These are Login Enumeration, Cross-Site Scripting and Content Spoofing vulnerabilities in InstantCMS. ------------------------- Affected products: ------------------------- Vulnerable are InstantCMS 1.10.2 and previous versions. ------------------------- Affected vendors: ------------------------- InstantSoft http://www.instantcms.ru ---------- Details: ---------- Login Enumeration (WASC-42): http://site/users/login It's possible to reveal logins by users' profiles. And also logins of the users are shown in many sections of the site (at users page and others), because developers don't care about leakage of logins of the users. In the next advisory about InstantCMS I'll give more example of such vulnerabilities. Cross-Site Scripting (WASC-08): http://site/includes/swfupload/swfupload.swf?movieName=%22]);}catch(e){}if(!self.a)self.a=!alert(document.cookie);// http://site/includes/swfupload/swfupload.swf?buttonText=%3Ca%20href=%27javascript:alert(document.cookie)%27%3EClick%20me%3C/a%3E Content Spoofing (WASC-12): http://site/includes/swfupload/swfupload.swf?buttonText=test%3Cimg%20src=%27http://demo.swfupload.org/v220/images/logo.gif%27%3E http://site/includes/swfupload/swfupload.swf?buttonImageURL=http://demo.swfupload.org/v220/images/logo.gif ------------ Timeline: ------------ In November 2012 and March 2013 I disclosed and wrote to the lists about vulnerabilities in SWFUpload. All who want fixed these holes, but not developers of InstantCMS. 2013.07.14 - found multiple vulnerabilities in InstantCMS 1.10.1. 2013.07.19 - informed developers about first part of the vulnerabilities. Ignored. 2013.07.30 - announced at my site. 2013.07.31 - informed developers about another part of the vulnerabilities. Answered, but refused to fix. 2013.08.02 - reminded developers about first letter with holes and explained why to fix them. 2013.08.02 - developers released InstantCMS 1.10.2 without fixing any informed vulnerabilities. All above-mentioned holes work in it. 2013.09.24 - disclosed at my site (http://websecurity.com.ua/6681/). Best wishes & regards, MustLive Administrator of Websecurity web site http://websecurity.com.ua

References:

http://websecurity.com.ua/6681/


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top