ZeroCMS 1.0 Cross Site Scripting

2014-06-27T00:00:00
ID PACKETSTORM:127262
Type packetstorm
Reporter Filippos Mastrogiannis
Modified 2014-06-27T00:00:00

Description

                                        
`ZeroCMS v1.0 Cross-Site Scripting Vulnerability  
  
Vendor: Another Awesome Stuff  
Product web page: http://www.aas9.in/zerocms  
Affected version: 1.0  
Severity: Medium  
CVE: CVE-2014-4195   
Date: 20/06/2014  
  
Discovered by: Filippos Mastrogiannis (@filipposmastro)  
  
ZeroCMS is a very simple content management system built using PHP and MySQL.  
  
Description: ZeroCMS v1.0 is vulnerable to Cross-Site Scripting (XSS)  
  
A cross-site scripting vulnerability was identified in the "article_id" variable of  
the "zero_view_article.php" file. It allows an attacker to execute arbitrary  
script code in the browser of an unsuspecting user in the context of the affected site.  
  
This opens up several attack opportunities, mostly hijacking the user's  
current session or changing the look of the page by rewriting the HTML  
on the fly to steal the user's credentials. This happens because the  
user input is interpreted as HTML/JavaScript by the browser.  
  
Proof Of Concept:  
  
To trigger the vulnerability and display an alert box containing the session  
cookie, use the following standard payload:  
  
http://localhost/zerocms/zero_view_article.php?article_id=<script>alert(document.cookie);</script>  
  
  
  
  
  
  
`
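
The root cause described above (the "article_id" value reaching the page as markup) is addressed by validating the parameter before use and encoding anything written into HTML. The PHP below is an added example, not ZeroCMS source or the reporter's code; the function names are hypothetical, and it assumes article IDs are positive integers.

```php
<?php
declare(strict_types=1);

// Illustrative pattern only (not ZeroCMS source): request data concatenated
// into HTML unencoded, so the browser parses it as markup.
function render_unsafe(array $query): string
{
    return '<p>Article ' . ($query['article_id'] ?? '') . '</p>';
}

// Assumption: article IDs are positive integers. Anything else is rejected.
function parse_article_id($raw): ?int
{
    if (!is_string($raw)) {
        return null; // missing parameter or array form (article_id[]=1)
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Encode a value for HTML text and quoted-attribute contexts.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened variant: returns [HTTP status, body]; rejected input is never echoed.
function render_safe(array $query): array
{
    $id = parse_article_id($query['article_id'] ?? null);
    if ($id === null) {
        return [400, '<p>Invalid article id.</p>'];
    }
    return [200, '<p>Article ' . h((string) $id) . '</p>'];
}

// Constructed inputs; the second is the payload from the proof of concept.
$samples = ['7', '<script>alert(document.cookie);</script>', '7"><b>x', ['7']];
foreach ($samples as $value) {
    [$status, $body] = render_safe(['article_id' => $value]);
    echo 'safe:   ', $status, ' ', $body, PHP_EOL;
    if (is_string($value)) {
        echo 'unsafe: ', render_unsafe(['article_id' => $value]), PHP_EOL;
        echo 'input encoded for display: ', h($value), PHP_EOL;
    }
}
```

Run from the command line, the hardened renderer returns status 400 for every sample except `7`, while the unsafe variant passes the markup through unchanged.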