Cross-site Scripting (XSS) Vulnerabilities in epesi BIM

2011-11-30T00:00:00
ID HTB23061
Type htbridge
Reporter High-Tech Bridge
Modified 2011-12-08T00:00:00

Description

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in epesi BIM which could be exploited to perform cross-site scripting attacks.

1) Cross-site scripting (XSS) vulnerabilities in epesi BIM
1.1 The vulnerability exists due to an input sanitization error in the "dir_atual" parameter of admin/phpfm.php. A remote attacker can send a specially crafted HTTP request to the vulnerable script and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website. Successful exploitation requires that the victim is logged into the application and has access to the administrative interface; as with any reflected XSS, the attacker must also get that logged-in administrator to open the crafted link.
Exploitation example:
http://[host]/admin/phpfm.php?frame=3&dir_atual=%3Cscript%3Ealert%28123%29;%3C/script%3E

1.2 The vulnerability exists due to an input sanitization error in the handling of the request URL in admin/themeup.php: the payload is supplied as a path segment appended to the script name, as in the example below. The leading %22%3E (a quote and closing angle bracket) closes the enclosing HTML attribute in which the URL is reflected before the script tag is injected. A remote attacker can send a specially crafted HTTP request to the vulnerable script and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website. Successful exploitation requires that the victim is logged into the application and has access to the administrative interface.
Exploitation example:
http://[host]/admin/themeup.php/%22%3E%3Cscript%3Ealert%28123%29;%3C/script%3E

1.3 The vulnerability exists due to an input sanitization error in the "msg" parameter of admin/wfb.php. A remote attacker can send a specially crafted HTTP request to the vulnerable script and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website. Successful exploitation requires that the victim is logged into the application and has access to the administrative interface. The example payload reads document.cookie, so an administrator's session cookie is exposed to the attacker's script unless the cookie carries the HttpOnly flag.
Exploitation example:
http://[host]/admin/wfb.php?msg=%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
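The following Python script is an added example for this advisory; it is not code from the advisory, from High-Tech Bridge, or from epesi BIM. The advisory does not show epesi's source, so the HTML templates below are hypothetical stand-ins that reproduce the two reflection contexts implied by the payloads (page text for dir_atual and msg, an HTML attribute for the themeup.php path, which is why that payload starts with "> to break out). The script shows the unescaped interpolation behind all three findings next to the entity-encoding fix, and provides a classify_reflection() check a tester can run on a captured response body. Template markup, function names and the attribute context for themeup.php are assumptions.

```python
import html
from urllib.parse import unquote

# Percent-encoded payloads taken verbatim from the advisory's exploitation
# examples, keyed by the script and injection point they target.
PAYLOADS = {
    "phpfm.php dir_atual": "%3Cscript%3Ealert%28123%29;%3C/script%3E",
    "themeup.php path": "%22%3E%3Cscript%3Ealert%28123%29;%3C/script%3E",
    "wfb.php msg": "%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E",
}


def render_vulnerable(context: str, value: str) -> str:
    """Hypothetical template that interpolates the raw decoded value.

    This is the pattern behind reflected XSS: whatever arrived on the URL is
    written straight into the page. The markup is an assumption, not epesi's.
    """
    if context == "attribute":
        # The request path ends up inside a quoted attribute value.
        return '<form method="post" action="/admin/themeup.php/%s">' % value
    return '<div class="status">%s</div>' % value


def render_fixed(context: str, value: str) -> str:
    """Same templates, but the value is HTML-entity encoded first.

    html.escape(quote=True) is the Python equivalent of PHP's
    htmlspecialchars($v, ENT_QUOTES, 'UTF-8'): <, >, &, " and ' become
    entities, so the value can neither close the surrounding attribute nor
    open a new tag.
    """
    safe = html.escape(value, quote=True)
    if context == "attribute":
        return '<form method="post" action="/admin/themeup.php/%s">' % safe
    return '<div class="status">%s</div>' % safe


def classify_reflection(body: str, encoded_payload: str) -> str:
    """Classify how a response body reflects a payload that was sent on the URL.

    'unescaped': the decoded payload appears verbatim, so the browser parses
                 it as markup (the vulnerable case);
    'escaped':   it appears only as HTML entities (sanitized correctly);
    'absent':    the input is not reflected at all.
    The check is exact-substring based; a partial encoding (for example only
    '<' escaped) reports 'absent' and must be inspected by hand.
    """
    decoded = unquote(encoded_payload)
    if decoded in body:
        return "unescaped"
    if html.escape(decoded, quote=True) in body:
        return "escaped"
    return "absent"


def run_checks() -> dict:
    """Render every advisory payload through both templates and classify each."""
    results = {}
    for name, enc in PAYLOADS.items():
        context = "attribute" if name.endswith("path") else "text"
        decoded = unquote(enc)
        results[name] = {
            "vulnerable": classify_reflection(render_vulnerable(context, decoded), enc),
            "fixed": classify_reflection(render_fixed(context, decoded), enc),
        }
    return results


if __name__ == "__main__":
    for name, verdict in run_checks().items():
        print("%-22s vulnerable=%-9s fixed=%s"
              % (name, verdict["vulnerable"], verdict["fixed"]))
```

Against a live instance, request each advisory URL with the administrator's session cookie (the advisory states exploitation needs a logged-in administrator) and pass the response body to classify_reflection(): "unescaped" reproduces the finding, "escaped" indicates the output has been fixed, and "absent" means the parameter is no longer reflected on that page.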