WonderCMS 0.9.8 Cross Site Scripting

2016.11.23
Credit: Manuel Garcia Cardenas
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

============================================= MGC ALERT 2016-006 - Original release date: Nov 16, 2016 - Last revised: Nov 21, 2016 - Discovered by: Manuel Garcia Cardenas - Severity: 4,8/10 (CVSS Base Score) ============================================= I. VULNERABILITY ------------------------- Reflected XSS in WonderCMS <= v0.9.8 II. BACKGROUND ------------------------- WonderCMS is a simple, small & secure flat file CMS. III. DESCRIPTION ------------------------- Has been detected a reflected XSS vulnerability in WonderCMS, that allows the execution of arbitrary HTML/script code to be executed in the context of the victim user's browser. The code injection is done through the parameter "page" in the page "editinplace.php". IV. PROOF OF CONCEPT ------------------------- Malicious Request: /wonder/js/editinplace.php?page=<XSS injection> Example: /wonder/js/editinplace.php?page=<script>alert(1)</script> V. BUSINESS IMPACT ------------------------- An attacker can execute arbitrary HTML or script code in a targeted user's browser, this can leverage to steal sensitive information as user credentials, personal data, etc. VI. SYSTEMS AFFECTED ------------------------- WonderCMS <= v0.9.8 VII. SOLUTION ------------------------- Update to 0.9.9 version VIII. REFERENCES ------------------------- https://wondercms.com/ IX. CREDITS ------------------------- This vulnerability has been discovered and reported by Manuel Garcia Cardenas (advidsec (at) gmail (dot) com). X. REVISION HISTORY ------------------------- Nov 16, 2016 1: Initial release Nov 21, 2016 2: Last revision XI. DISCLOSURE TIMELINE ------------------------- Nov 16, 2016 1: Vulnerability acquired by Manuel Garcia Cardenas Nov 16, 2016 2: Send to vendor Nov 20, 2016 3: New version that includes patched code https://wondercms.com/forum/viewtopic.php?f=8&t=761 Nov 21, 2016 4: Sent to lists XII. LEGAL NOTICES ------------------------- The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise. XIII. ABOUT ------------------------- Manuel Garcia Cardenas Pentester


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top