Multiple XSS in Fork CMS

2012-02-15T00:00:00
ID HTB23075
Type htbridge
Reporter High-Tech Bridge
Modified 2012-02-28T00:00:00

Description

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Fork CMS, which can be exploited to perform Cross-Site Scripting (XSS) attacks.
1) Cross-Site Scripting (XSS) in Fork CMS: CVE-2012-1188
1.1 Input passed via the "type" and "querystring" GET parameters to /private/en/error is not properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of affected website.
The following PoC (Proof of Concept) demostrate the vulnerability:
http://[host]/private/en/error?type=%3Cscript%3Ealert%28document.cookie%29;% 3C/script%3E
http://[host]/private/en/error?type=action-not-allowed&querystring=%3Cscript %3Ealert%28document.cookie%29;%3C/script%3E.1
1.2 Input passed via the "name" GET parameter to /private/en/locale/index is not properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of affected website.
The following PoC (Proof of Concept) demostrates the vulnerability:
http://[host]/private/en/locale/index?name=%22%3E%3Cscript%3Ealert%28documen t.cookie%29;%3C/script%3E