ID CVE-2012-3872 Type cve Reporter cve@mitre.org Modified 2012-12-28T15:06:00
Description
Multiple cross-site scripting (XSS) vulnerabilities in Open Constructor 3.12.0 allow remote attackers to inject arbitrary web script or HTML via (1) the result parameter to data/file/edit.php, (2) the q parameter to confirm.php, or (3) the keyword parameter to users/users.php.
{"exploitdb": [{"lastseen": "2016-02-04T06:07:50", "description": "Open Constructor users/users.php keyword Parameter XSS. CVE-2012-3872. Webapps exploit for php platform", "published": "2012-08-04T00:00:00", "type": "exploitdb", "title": "Open Constructor users/users.php keyword Parameter XSS", "bulletinFamily": "exploit", "cvelist": ["CVE-2012-3872"], "modified": "2012-08-04T00:00:00", "id": "EDB-ID:37578", "href": "https://www.exploit-db.com/exploits/37578/", "sourceData": "source: http://www.securityfocus.com/bid/54822/info\r\n\r\nOpen Constructor is prone to multiple input-validation vulnerabilities because it fails to properly sanitize user-supplied input.\r\n\r\nExploiting these vulnerabilities could allow an attacker to execute arbitrary script code, steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.\r\n\r\nOpen Constructor 3.12.0 is vulnerable; other versions may also be affected. \r\n\r\nhttp://www.example.com/openconstructor/users/users.php?type=multiple&keyword=<script>alert('xss')</script>", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/37578/"}, {"lastseen": "2016-02-04T06:07:57", "description": "Open Constructor data/file/edit.php result Parameter XSS. CVE-2012-3872. Webapps exploit for php platform", "published": "2012-08-04T00:00:00", "type": "exploitdb", "title": "Open Constructor data/file/edit.php result Parameter XSS", "bulletinFamily": "exploit", "cvelist": ["CVE-2012-3872"], "modified": "2012-08-04T00:00:00", "id": "EDB-ID:37579", "href": "https://www.exploit-db.com/exploits/37579/", "sourceData": "source: http://www.securityfocus.com/bid/54822/info\r\n \r\nOpen Constructor is prone to multiple input-validation vulnerabilities because it fails to properly sanitize user-supplied input.\r\n \r\nExploiting these vulnerabilities could allow an attacker to execute arbitrary script code, steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.\r\n \r\nOpen Constructor 3.12.0 is vulnerable; other versions may also be affected. \r\n\r\nhttp://www.example.com/openconstructor/data/file/edit.php?result=<script>aler('xss')</script>&id=new&ds_id=8&hybridid=&fieldid=&callback=&type=txt&name=test&description=test&fname=test&create=Save", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/37579/"}, {"lastseen": "2016-02-04T06:08:05", "description": "Open Constructor confirm.php q Parameter XSS. CVE-2012-3872. Webapps exploit for php platform", "published": "2012-08-04T00:00:00", "type": "exploitdb", "title": "Open Constructor confirm.php q Parameter XSS", "bulletinFamily": "exploit", "cvelist": ["CVE-2012-3872"], "modified": "2012-08-04T00:00:00", "id": "EDB-ID:37580", "href": "https://www.exploit-db.com/exploits/37580/", "sourceData": "source: http://www.securityfocus.com/bid/54822/info\r\n \r\nOpen Constructor is prone to multiple input-validation vulnerabilities because it fails to properly sanitize user-supplied input.\r\n \r\nExploiting these vulnerabilities could allow an attacker to execute arbitrary script code, steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.\r\n \r\nOpen Constructor 3.12.0 is vulnerable; other versions may also be affected. \r\n\r\nhttp://www.example.com/openconstructor/confirm.php?q=<script>alert('XSS')</script>skin=metallic", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/37580/"}], "packetstorm": [{"lastseen": "2016-12-05T22:16:44", "description": "", "published": "2012-08-04T00:00:00", "type": "packetstorm", "title": "Openconstructor CMS 3.12.0 Reflected XSS", "bulletinFamily": "exploit", "cvelist": ["CVE-2012-3872"], "modified": "2012-08-04T00:00:00", "id": "PACKETSTORM:115284", "href": "https://packetstormsecurity.com/files/115284/Openconstructor-CMS-3.12.0-Reflected-XSS.html", "sourceData": "`###Title###: \nOpenconstructor CMS 3.12.0 Multiple Reflected Cross-site Scrpting vulnerabilities \n \n \n###Affected Software###: \nhttp://www.openconstructor.org/ \nhttp://code.google.com/p/openconstructor/downloads/list \nhttp://esectorsolutions.com/about/whats-new/esector-news/detailed/?id=234 \n \n \n###Description###: \nOpenconstructor (formerly known as eSector Solutions Web Constructor) is an open source web Content Management System written in PHP. Multiple Reflected XSS vulnerabilities exist on different parameters of differnt pages. \nVerson 3.12.0 is vulnerable, previous version may be affected, but they have not been tested. \n \n \n###CVE### \nCVE-2012-3872 \n \n \n###Impact###: \nAttackers can execute malicious javascript in authenticated users's browser, through social engineering techniques. \n \nCVSS Base Score: 4.0 (AV:N/AC:H/Au:N/C:P/I:P/A:N) \n \n \n###Credits###: \nLorenzo Cantoni \n \n \n###Details###: \nVulnerabilities has been tested on Internet Explorer 7, as the application is designed to work with that browser. Newer version of the browser with the anti-xss filter enabled, may help to protect users from such attacks. \n \n \n###Proof of Concept###: \n \n1) http://hostname/openconstructor/data/file/edit.php?result=<script>alert('xss')</script>&id=new&ds_id=8&hybridid=&fieldid=&callback=&type=txt&name=test&description=test&fname=test&create=Save \n \nNote: The right 'ds_id' must be set for an existing object. \n \n2) http://hostname/openconstructor/confirm.php?q=<script>alert('XSS')</script>skin=metallic \n \n3) http://hostname/openconstructor/users/users.php?type=multiple&keyword=<script>alert('xss')</script> \n \n \n###Disclosure### \n[08/07/2012] Lead Developer contacted. \n[22/07/2012] No response. Sent another mail. \n[04/08/2012] Still no response. Public disclosure. \n`\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://packetstormsecurity.com/files/download/115284/openconstructorref-xss.txt"}]}