Cross-Site Scripting (XSS) in Ilch CMS

2014-02-12T00:00:00
ID HTB23203
Type htbridge
Reporter High-Tech Bridge
Modified 2014-02-12T00:00:00

Description

High-Tech Bridge Security Research Lab discovered vulnerability in Ilch CMS, which can be exploited to perform Cross-Site Scripting (XSS) attacks against users and administrators of vulnerable application.

1) Cross-Site Scripting (XSS) in Ilch CMS: CVE-2014-1944
The vulnerability exists due to insufficient sanitisation of user-supplied data in "text" HTTP POST parameter passed to "/index.php/guestbook/index/newentry" URL. A remote unauthenticated user can send a specially crafted HTTP POST request, which allows to permanently inject and execute arbitrary HTML and script code in user’s browser in context of the vulnerable website when the victim visits the "http://[host]/index.php/guestbook/index/index" URL.
The exploitation example below uses the JavaScript "alert()" function to display "immuniweb" word:
POST /index.php/guestbook/index/newentry HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 151
ilch_token=5a528778359d4756b9b8803b48fba18b&name=name&email=email%40e mail.com&homepage=http%3A%2F%2Fsite.com&text=<script>alert('immuniwweb');</s cript>&saveEntry=Submit