bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/35551.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

68 lines
No EOL
2 KiB
Text
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

Advisory: Persistent XSS Vulnerability in CMS Papoo Light v6
Advisory ID: SROEADV-2014-01
Author: Steffen Rösemann
Affected Software: CMS Papoo Version 6.0.0 Rev. 4701
Vendor URL: http://www.papoo.de/
Vendor Status: fixed
CVE-ID: -
==========================
Vulnerability Description:
==========================
The CMS Papoo Light Version has a persistent XSS vulnerability in its guestbook functionality and in its user-registration functionality.
==================
Technical Details:
==================
XSS-Vulnerability #1:
Papoo Light CMS v6 provides the functionality to post comments on a guestbook via the following url: http://{target-url}/guestbook.php?menuid=6.
The input fields with the id „author“ is vulnerable to XSS which gets stored in the database and makes that vulnerability persistent.
Payload-Examples:
<img src='n' onerror=“javascript:alert('XSS')“ >
<iframe src=“some_remote_source“></iframe>
XSS-Vulnerability #2:
People can register themselves on Papoo Light v6 CMS at http://{target-url}/account.php?menuid=2. Instead of using a proper username, an attacker can inject HTML and/or JavaScriptcode on the username input-field.
Code gets written to the database backend then. Attacker only has to confirm his/her e-mail address to be able to login and spread the code by posting to the forum or the guestbook where the username is displayed.
Payload-Examples:
see above (XSS #1)
=========
Solution:
=========
Update to the latest version
====================
Disclosure Timeline:
====================
13-Dec-2014 found XSS #1
13-Dec-2014 - informed the developers (XSS #1)
14-Dec-2014 found XSS #2
14-Dec-2014 informed the developers (XSS #2)
15-Dec-2014 - release date of this security advisory
15-Dec-2014 - response and fix by vendor
15-Dec-2014 - post on BugTraq
========
Credits:
========
Vulnerability found and advisory written by Steffen Rösemann.
===========
References:
===========
http://www.papoo.de/
http://sroesemann.blogspot.de
Reference in a new issue View git blame Copy permalink