SocialCMS 1.0.2 Cross Site Scripting

Related Vulnerabilities: CVE-2012-1982
Publish Date: 30 Mar 2012

+------------------------------------------------------------------------------------------------------------------------------------+
# Exploit Title     : SocialCMS <= 1.0.2 XSS (Persistent and Reflected) Vulnerabilities
# Date              : 30-03-2012
# Author            : Ivano Binetti (http://www.ivanobinetti.com)
# Vendor site       : http://socialcms.com
# Software link     : http://sourceforge.net/projects/socialcms/files/latest/download
# Version           : 1.0.2 (and lower)
# Tested on         : Debian Squeeze (6.0) 
# CVE               : CVE-2012-1982
# Original Advisory : http://www.webapp-security.com/2012/03/socialcms/
+------------------------------------------------------------------------------------------------------------------------------------+
Summary-
1)Introduction
2)Vulnerability Description
 2.1 Persistent XSS
 2.2 Reflected XSS
3)Exploit
+------------------------------------------------------------------------------------------------------------------------------------+
1)Introduction
SocialCMS "is online software for developing dynamic websites. It allows non-technical users to create and make changes to a 
website easily. It can be used for setting up Company Website, Blog, Video site, Amazon shop, Membership Site, Adsense Site, 
Affiliate Review site, Twitter CMS or for Domain Monetization etc.".

2)Vulnerability Description
 2.1 Persistent XSS
 SocialCMS 1.0.2 (and lower) is prone to a persistent XSS vulnerability due to improper input sanitization of the 
 "TR_title" parameter, passed to "my_admin/admin1_list_pages.php" via the HTTP POST method. 
 By exploiting this vulnerability, an authenticated user who is able to publish an article can insert arbitrary 
 code into the "Title" field of the web management interface (under "my_admin/admin1_list_pages.php?id=<page_id>&action=edit"); 
 that code is executed when an administrator, or another user, browses that web page.

 2.2 Reflected XSS
 The same improper sanitization of the "TR_title" parameter also causes a reflected XSS for the user who submits the 
 HTML/JavaScript code. 

3)Exploit
Insert the following code into the "Title" field when you're creating a new page:
"><script>alert(document.cookie)</script>
+-----------------------------------------------------------------------------------------------------------------------------------+
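The following PHP is an added illustration for this advisory, not SocialCMS's own code: the function names, the page-list renderer and the sample page list are hypothetical, while the "TR_title" field name, the edit URL and the payload are taken from the advisory above. It shows the raw-echo pattern that yields both the reflected variant (the title echoed back into the edit form) and the persistent variant (the stored title shown to an administrator), and output encoding with htmlspecialchars at render time as the fix for both.

```php
<?php
// Added illustration (not SocialCMS code): why an unencoded title
// parameter such as "TR_title" becomes reflected and persistent XSS,
// and how HTML output encoding at the rendering point prevents it.
// All function names and the sample page list below are hypothetical.

declare(strict_types=1);

// Constructed sample input: the payload shown in section 3 of the advisory.
const SAMPLE_PAYLOAD = '"><script>alert(document.cookie)</script>';

// Vulnerable pattern: the submitted title is concatenated straight into HTML.
// The leading '">' closes the value attribute and the <input> tag, so the rest
// of the string is parsed as markup and the script element runs.
function render_title_vulnerable(string $title): string
{
    return '<input type="text" name="TR_title" value="' . $title . '">';
}

// Hardened pattern: encode for the HTML context at output time.
// ENT_QUOTES escapes both ' and " (required inside attribute values);
// ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
function html_attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function render_title_safe(string $title): string
{
    return '<input type="text" name="TR_title" value="' . html_attr($title) . '">';
}

// Persistent variant: the same rule applies when stored titles are later
// listed for an administrator. Encoding belongs at the output point, so the
// stored value itself can stay verbatim; the id is cast to int so the
// generated link cannot carry injected markup either.
function render_page_list_safe(array $pages): string
{
    $rows = '';
    foreach ($pages as $id => $title) {
        $rows .= '<li><a href="my_admin/admin1_list_pages.php?id=' . (int) $id . '&amp;action=edit">'
               . html_attr($title) . '</a></li>' . "\n";
    }
    return "<ul>\n" . $rows . '</ul>';
}

// Self-check used by the demonstration: a correctly encoded rendering
// contains no raw <script tag from the payload.
function payload_is_inert(string $rendered): bool
{
    return strpos($rendered, '<script') === false;
}

// Demonstration on the advisory's payload.
$vulnerable = render_title_vulnerable(SAMPLE_PAYLOAD);
$safe       = render_title_safe(SAMPLE_PAYLOAD);

echo "Vulnerable: " . $vulnerable . "\n";
echo "Inert?      " . (payload_is_inert($vulnerable) ? 'yes' : 'no') . "\n";
echo "Hardened:   " . $safe . "\n";
echo "Inert?      " . (payload_is_inert($safe) ? 'yes' : 'no') . "\n";

// Constructed sample page list, as an administrator's listing would show it.
echo render_page_list_safe([7 => 'About us', 8 => SAMPLE_PAYLOAD]) . "\n";
```

In the hardened output the payload appears as `&quot;&gt;&lt;script&gt;alert(document.cookie)&lt;/script&gt;` inside the attribute, so the browser displays it as text rather than executing it. Encoding on input instead of output is a weaker choice because the same stored title may later be rendered in a different context (attribute, element body, JavaScript, URL), each of which needs its own encoding.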