54 lines
No EOL
1.3 KiB
Text
54 lines
No EOL
1.3 KiB
Text
######################
|
|
# Exploit Title: Persistent ZeroCMS Cross-Site Scripting Vulnerability
|
|
|
|
# Discovered by: Mayuresh Dani
|
|
|
|
# Vendor Homepage: http://www.aas9.in/zerocms/
|
|
|
|
# Software Link: https://github.com/pcx1256/zerocms/archive/master.zip
|
|
|
|
# Version: 1.0?
|
|
|
|
# Date: 2014-07-25
|
|
|
|
# Tested on: Windows 7 / Mozilla Firefox
|
|
Ubuntu 14.04 / Mozilla Firefox
|
|
|
|
# CVE: CVE-2014-4710
|
|
|
|
######################
|
|
|
|
# Vulnerability Disclosure Timeline:
|
|
|
|
2014-06-15: Discovered vulnerability
|
|
2014-06-23: Vendor Notification (Support e-mail address)
|
|
2014-07-25: Public Disclosure
|
|
|
|
# Description
|
|
|
|
ZeroCMS is a very simple Content Management System Built using PHP and
|
|
MySQL.
|
|
|
|
The application does not validate any input to the "Full Name", "Email
|
|
Address", "Password" or "Confirm Password" functionality. It saves this
|
|
unsanitized input in the backend databased and executes it when visiting
|
|
the subsequent or any logged-in pages.
|
|
|
|
######################
|
|
|
|
# Steps to reproduce the vulnerability
|
|
|
|
1) Visit the "Create Account" page (eg.
|
|
http://localhost/zerocms/zero_transact_user.php)
|
|
|
|
2) Enter your favourite XSS payload and click on "Create Account"
|
|
|
|
3) Enjoy!
|
|
|
|
More information:
|
|
https://community.qualys.com/blogs/securitylabs/2014/07/24/yet-another-zerocms-cross-site-scripting-vulnerability-cve-2014-4710
|
|
|
|
#####################
|
|
|
|
Thanks,
|
|
Mayuresh. |