ZeroCMS 1.0 Cross Site Scripting

2014-07-28T00:00:00
ID PACKETSTORM:127634
Type packetstorm
Reporter Mayuresh Dani
Modified 2014-07-28T00:00:00

Description

                                        
                                            `######################  
# Exploit Title: Persistent ZeroCMS Cross-Site Scripting Vulnerability  
  
# Discovered by: Mayuresh Dani  
  
# Vendor Homepage: http://www.aas9.in/zerocms/  
  
# Software Link: https://github.com/pcx1256/zerocms/archive/master.zip  
  
# Version: 1.0?  
  
# Date: 2014-07-25  
  
# Tested on: Windows 7 / Mozilla Firefox  
Ubuntu 14.04 / Mozilla Firefox  
  
# CVE: CVE-2014-4710  
  
######################  
  
# Vulnerability Disclosure Timeline:  
  
2014-06-15: Discovered vulnerability  
2014-06-23: Vendor Notification (Support e-mail address)  
2014-07-25: Public Disclosure  
  
# Description  
  
ZeroCMS is a very simple Content Management System Built using PHP and  
MySQL.  
  
The application does not validate any input to the "Full Name", "Email  
Address", "Password" or "Confirm Password" functionality. It saves this  
unsanitized input in the backend databased and executes it when visiting  
the subsequent or any logged-in pages.  
  
######################  
  
# Steps to reproduce the vulnerability  
  
1) Visit the "Create Account" page (eg.  
http://localhost/zerocms/zero_transact_user.php)  
  
2) Enter your favourite XSS payload and click on "Create Account"  
  
3) Enjoy!  
  
More information:  
https://community.qualys.com/blogs/securitylabs/2014/07/24/yet-another-zerocms-cross-site-scripting-vulnerability-cve-2014-4710  
  
#####################  
  
Thanks,  
Mayuresh.  
  
`