SocialCMS 1.0.2 Cross Site Scripting

30 Mar 2012 00:00:00 | Reported by Ivano Binetti | Type: packetstorm | Source: packetstormsecurity.com

SocialCMS 1.0.2 has persistent and reflected XSS vulnerabilities due to improper input sanitization

Related

| Reporter | Title | Published | Family |
|---|---|---|---|
| 0day.today | SocialCMS <= 1.0.2 XSS (Persistent and Reflected) Vulnerabilities | 30 Mar 2012 00:00 | zdt |
| CVE | CVE-2012-1982 | 4 Apr 2012 10:00 | cve |
| Cvelist | CVE-2012-1982 | 4 Apr 2012 10:00 | cvelist |
| EUVD | EUVD-2012-1991 | 7 Oct 2025 00:30 | euvd |
| NVD | CVE-2012-1982 | 5 Apr 2012 14:55 | nvd |
| Prion | Cross site scripting | 5 Apr 2012 14:55 | prion |

`+------------------------------------------------------------------------------------------------------------------------------------+  
# Exploit Title : SocialCMS <= 1.0.2 XSS (Persistent and Reflected) Vulnerabilities  
# Date : 30-03-2012  
# Author : Ivano Binetti (http://www.ivanobinetti.com)  
# Vendor site : http://socialcms.com  
# Software link : http://sourceforge.net/projects/socialcms/files/latest/download  
# Version : 1.0.2 (and lower)  
# Tested on : Debian Squeeze (6.0)   
# CVE : CVE-2012-1982  
# Original Advisory : http://www.webapp-security.com/2012/03/socialcms/  
+------------------------------------------------------------------------------------------------------------------------------------+  
Summary-  
1)Introduction  
2)Vulnerability Description  
2.1 Persistent XSS  
2.2 Reflected XSS  
3)Exploit  
+------------------------------------------------------------------------------------------------------------------------------------+  
1)Introduction  
SocialCMS "is online software for developing dynamic websites. It allows non-technical users to create and make changes to a   
website easily. It can be used for setting up Company Website, Blog, Video site, Amazon shop, Membership Site, Adsense Site,   
Affiliate Review site, Twitter CMS or for Domain Monetization etc.".  
  
2)Vulnerability Description  
2.1 Persistent XSS  
SocialCMS 1.0.2 (and lower) is prone to a persistent XSS vulnerability due to improper sanitization of the   
"TR_title" parameter, passed to "my_admin/admin1_list_pages.php" via the HTTP POST method.   
By exploiting this vulnerability, an authenticated user who is able to publish an article could insert arbitrary   
code into the "Title" field of the web management interface (under "my_admin/admin1_list_pages.php?id=<page_id>&action=edit"). That code will be   
executed when an administrator, or another user, browses that web page.  
  
2.2 Reflected XSS  
The improper input sanitization of the "TR_title" parameter also causes a reflected XSS for the user who inserts the HTML/JavaScript   
code.   
  
  
3)Exploit   
Insert the following code in the "Title" field when you're creating a new page:  
"><script>alert(document.cookie)</script>  
+-----------------------------------------------------------------------------------------------------------------------------------+  
`
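
The mitigation for this class of flaw is to encode the title for its HTML context at the point of output. The PHP below is an added example, not SocialCMS code and not part of the original advisory; the function names and the `<input>` markup are assumptions, since the advisory does not show the application's source. It contrasts unescaped output with encoded output and uses the advisory's test string as a regression input.

```php
<?php
declare(strict_types=1);

// Hypothetical renderers for the "Title" field of the page edit form.
// The real SocialCMS template is not shown in the advisory; this markup is assumed.

// BEFORE: the stored TR_title value is concatenated into the attribute as-is,
// so a value containing a double quote and ">" ends the attribute and the tag.
function render_title_field_unsafe(string $title): string
{
    return '<input type="text" name="TR_title" value="' . $title . '">';
}

// AFTER: encode for the HTML attribute context when writing the page.
// ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE replaces invalid UTF-8
// instead of returning an empty string.
function render_title_field_safe(string $title): string
{
    $encoded = htmlspecialchars($title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="TR_title" value="' . $encoded . '">';
}

// Regression check: the rendered field must contain exactly one tag (the
// <input> itself) and no raw double quote inside the value.
function field_is_well_formed(string $html): bool
{
    $valueStart = strpos($html, 'value="') + strlen('value="');
    $value = substr($html, $valueStart, -2); // strip the closing '">'
    return substr_count($html, '<') === 1
        && strpos($value, '"') === false;
}

// Test string taken from the advisory's "Exploit" section.
$payload = '"><script>alert(document.cookie)</script>';

$unsafe = render_title_field_unsafe($payload);
$safe   = render_title_field_safe($payload);

echo "unsafe: ", $unsafe, PHP_EOL;
echo "safe:   ", $safe, PHP_EOL;
echo "unsafe well-formed? ", var_export(field_is_well_formed($unsafe), true), PHP_EOL;
echo "safe well-formed?   ", var_export(field_is_well_formed($safe), true), PHP_EOL;
```

Because the same parameter produces both the stored and the reflected variant, the encoding has to be applied on every page that prints the title, not only on the edit form.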
