High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in RunCMS which could be exploited to perform cross-site scripting and SQL injection attacks.
1) Cross-site scripting (XSS) vulnerability in RunCMS
The vulnerability exists due to an input sanitization error in the "rc2_user" cookie in user.php. A remote attacker can send a specially crafted HTTP request to the vulnerable script and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
GET /user.php HTTP/1.1
2) SQL injection vulnerability in RunCMS
The vulnerability exists due to input sanitization errors in the "timezone_offset" parameter in register.php. A remote attacker can send a specially crafted HTTP POST request to the vulnerable script and execute arbitrary SQL commands in the application's database. Successful exploitation may allow an attacker to read, modify, add or delete arbitrary data in the database.
POST /register.php HTTP/1.1
uname=user3&email=user%40test2.com&user_viewemail=0&name=user3&address=nope&zip_code=123&town=nope&user_from=nope&phone=123&user_avatar=blank.gif&timezone_offset=123'SQL_CODE_HERE&url=http%3A%2F%2Fnope&language=english&passw=password&vpassw=password&user_mailok=1&verify_text=&verify_crc=&keystring=368483&op=finish
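Both findings above are the same root cause: a value that should only ever be a number (timezone_offset) or a plain username (the rc2_user cookie) is accepted without an allow-list check. The following Python is an added example, not part of the advisory and not RunCMS code; it shows the strict validation a fix would apply to these two inputs and runs the same checks over constructed sample requests, the way a log reviewer or WAF rule would. The accepted range for timezone_offset (-12 to +14 hours) and the function names are assumptions, and every request in SAMPLE_REQUESTS is constructed, not captured traffic.

```python
"""
Added example (not the advisory's or RunCMS's own code): allow-list validation
for the two inputs named in the advisory, plus a scanner that applies the same
checks to recorded requests. Names and ranges are assumptions.
"""
import re
from urllib.parse import parse_qs, unquote

# A signed decimal number and nothing else: no quotes, spaces or keywords.
NUMERIC_RE = re.compile(r"^[+-]?\d+(\.\d+)?$")

# Characters that must never appear in a cookie value echoed into HTML.
HTML_MARKUP_RE = re.compile(r"[<>\"']|javascript:", re.IGNORECASE)


def timezone_offset_is_valid(value: str) -> bool:
    """Strict allow-list for register.php's timezone_offset: numeric and within
    the range of real UTC offsets (assumed here to be -12..+14 hours). Rejecting
    anything else before it reaches the query is the fix for this bug class."""
    value = value.strip()
    if not NUMERIC_RE.match(value):
        return False
    return -12.0 <= float(value) <= 14.0


def cookie_is_clean(value: str) -> bool:
    """The rc2_user cookie is decoded as the browser sent it; any markup
    metacharacter marks it as unsafe to echo without escaping."""
    return HTML_MARKUP_RE.search(unquote(value)) is None


def parse_cookie_header(header: str) -> dict:
    """Split a raw Cookie: header value into a name -> value dict."""
    cookies = {}
    for part in header.split(";"):
        if "=" in part:
            name, _, val = part.strip().partition("=")
            cookies[name.strip()] = val.strip()
    return cookies


def inspect_request(method: str, path: str, headers: dict, body: str) -> list:
    """Return a list of findings for one request, one string per failed check."""
    findings = []
    if method == "POST" and path.endswith("/register.php"):
        params = parse_qs(body, keep_blank_values=True)
        for v in params.get("timezone_offset", []):
            if not timezone_offset_is_valid(v):
                findings.append(f"register.php: non-numeric timezone_offset {v!r}")
    if path.endswith("/user.php"):
        rc2 = parse_cookie_header(headers.get("Cookie", "")).get("rc2_user")
        if rc2 is not None and not cookie_is_clean(rc2):
            findings.append(f"user.php: markup in rc2_user cookie {rc2!r}")
    return findings


# Constructed sample requests (method, path, headers, body); not real traffic.
# The second body reuses the advisory's own SQL_CODE_HERE placeholder.
SAMPLE_REQUESTS = [
    ("POST", "/register.php", {}, "uname=user3&timezone_offset=-5&op=finish"),
    ("POST", "/register.php", {},
     "uname=user3&timezone_offset=123%27SQL_CODE_HERE&op=finish"),
    ("GET", "/user.php", {"Cookie": "rc2_user=user3; PHPSESSID=abc"}, ""),
    ("GET", "/user.php", {"Cookie": "rc2_user=%3Cb%3Enope%3C%2Fb%3E"}, ""),
]


def scan_all(requests=SAMPLE_REQUESTS) -> list:
    """Apply inspect_request to every sample; two of the four should be flagged."""
    out = []
    for req in requests:
        out.extend(inspect_request(*req))
    return out


if __name__ == "__main__":
    for finding in scan_all():
        print(finding)
```

The validators are deliberately allow-lists rather than blocklists: timezone_offset is accepted only if it parses as a number in range, so the quote in the advisory's probe is rejected on shape alone, and the cookie check fails on any markup character rather than on a list of known payloads. The same two functions can be dropped into a log-review script by feeding it parsed access-log entries instead of SAMPLE_REQUESTS.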