Vulmon
Advisory: Reflecting XSS vulnerability in CMS Websitebaker v.2.8.3 SP3
Advisory ID: SROEADV-2015-03
Author: Steffen Rösemann
Affected Software: CMS Websitebaker v.2.8.3 SP3
Vendor URL: http://www.websitebaker.org/de/home.php
Vendor Status: Vendor did not respond
CVE-ID: CVE-2015-0553
Tested with:
- Firefox 34
- Mac OS X 10.10
==========================
Vulnerability Description:
==========================
In the administrative backend of the content management system Websitebaker
v. 2.8.3 SP3 resides a reflecting XSS vulnerability.
==================
Technical Details:
==================
The file "modify.php" in which the researcher Manuel Cardenas (see
timeline) already found a SQL injection vulnerability, is as well prone to
a reflecting XSS vulnerability via a hidden form-field.
Exploit-Example:
http://
{TARGET}/admin/pages/modify.php?page_id=1"><script>alert('XSS')</script><!--
=========
Solution:
=========
Vendor did not respond.
====================
Disclosure Timeline:
====================
29-Dec-2014 – found the vulnerability
29-Dec-2014 - compared to findings of Manuel Garcia Cardenas (see
http://seclists.org/fulldisclosure/2014/Nov/44)
04-Jan-2015 - informed the developers
04-Jan-2015 – release date of this security advisory [without technical
details]
04-Jan-2015 - requested a CVE-ID
05-Jan-2015 - received CVE-2015-0533 from Mitre
05-Jan-2015 - submitted CVE-2015-0533 to vendor
14-Jan-2015 - contacted vendor again via Twitter (see [3])
18-Jan-2015 - release date of this security advisory
18-Jan-2015 - send to lists
========
Credits:
========
Vulnerability found and advisory written by Steffen Rösemann.
===========
References:
===========
[1] http://www.websitebaker.org/de/home.php
[2] http://sroesemann.blogspot.de/2015/01/sroeadv-2015-03_4.html
[3] https://twitter.com/sroesemann/status/555397239229911040
[4]
http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2015-03.html
<p>