Cross-site Scripting (XSS) Vulnerability in Nuggetz CMS

2010-05-25T00:00:00
ID HTB22400
Type htbridge
Reporter High-Tech Bridge
Modified 2010-05-26T00:00:00

Description

High-Tech Bridge SA Security Research Lab has discovered a vulnerability in Nuggetz CMS which could be exploited to perform cross-site scripting attacks.

1) Cross-site scripting (XSS) vulnerability in Nuggetz CMS
The vulnerability exists due to an input sanitization error in the "pagevalue" parameter in nuggetz/admin/ajaxsave.php. A remote attacker can send a specially crafted HTTP POST request to the vulnerable script and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website. Successful exploitation requires that the victim is logged in to the application and has access to the administrative section.
Exploitation example:
<form action="http://example.com/nuggetz/admin/ajaxsave.php?nugget=nuggetnamefromclass&dummy=1" method="post" name="main" >
<input name="pagevalue" type="hidden" value='page content"><script>alert(document.cookie)</script>' />
</form>
<script>
document.main.submit();
</script>
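
One way a save handler can reject the cross-site POST shown above and encode "pagevalue" when it is written back into a page. This is an added example, not Nuggetz CMS code and not from the High-Tech Bridge advisory; the function names, the csrf_token field, the session layout and the quoted-attribute output context are assumptions.

```php
<?php
// Added illustration, not Nuggetz CMS source. Function names, the csrf_token
// field and the session layout are hypothetical.

// One random token per session; the admin form embeds it in a hidden field.
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// A form hosted on another site cannot read the token, so its POST fails here.
function csrf_valid(array $session, array $post): bool
{
    return isset($session['csrf_token'], $post['csrf_token'])
        && is_string($post['csrf_token'])
        && hash_equals($session['csrf_token'], $post['csrf_token']);
}

// Encode for HTML text and quoted attributes: & " ' < > become entities.
function html_escape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hypothetical save handler; returns [HTTP status, response body].
function handle_save(array $session, array $post): array
{
    if (!csrf_valid($session, $post)) {
        return [403, 'Invalid request token'];
    }
    $raw = $post['pagevalue'] ?? '';
    $value = is_string($raw) ? $raw : '';
    // Anything echoed back into the admin page is encoded at output time.
    return [200, '<input name="pagevalue" value="' . html_escape($value) . '" />'];
}

// Constructed demo with the advisory's payload.
$session = [];
$token = csrf_token($session);
$payload = 'page content"><script>alert(document.cookie)</script>';
// Request as the cross-site form sends it: no token.
print_r(handle_save($session, ['pagevalue' => $payload]));
// Request from the genuine admin form: token present, value encoded on output.
print_r(handle_save($session, ['pagevalue' => $payload, 'csrf_token' => $token]));
```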