Lucene search
K

SITEFACT CMS 2.01 Cross Site Scripting

🗓️ 25 May 2015 00:00:00Reported by Jing WangType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 45 Views

SITEFACT CMS 2.01 XSS Security Vulnerabilit

Code
`*SITEFACT CMS XSS (Cross-site Scripting) Web Security Vulnerabilities*  
  
  
Exploit Title: SITEFACT CMS content.php? &id Parameter XSS Security  
Vulnerabilities  
Product: SITEFACT CMS (Content Management System)  
Vendor: SITEFACT  
Vulnerable Versions: version 2.01  
Tested Version: version 2.01  
Advisory Publication: May 24, 2015  
Latest Update: May 24, 2015  
Vulnerability Type: Cross-Site Scripting [CWE-79]  
CVE Reference: *  
Impact CVSS Severity (version 2.0):  
CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)  
Impact Subscore: 2.9  
Exploitability Subscore: 8.6  
Writer and Reporter: Wang Jing [School of Physical and Mathematical  
Sciences (SPMS), Nanyang Technological University (NTU), Singapore]  
(@justqdjing)  
  
  
  
  
  
*Recommendation Details:*  
  
  
*(1) Vendor & Product Description:*  
  
  
*Vendor:*  
SITEFACT  
  
  
  
*Product & Vulnerable Versions:*  
SITEFACT  
version 2.01  
  
  
  
*Vendor URL & Download:*  
Product can be obtained from here,  
http://www.sitefact.de/index.cfm?resid=1&res=1024&sid=2&skt=2279  
  
  
  
*Google Dork:*  
"Powered by SITEFACT"  
  
  
  
*Product Introduction Overview:*  
"Publish . Your content without any prior knowledge on the Internet  
Numerous integrated tools are available . Images, documents and movies can  
be provided with a click. We present yourself individually and  
professionally to your CI and your wishes . About a layout interface design  
can change at any time , or of course your own layout to be integrated. Our  
content management system is designed for search engine indexing . You can  
easily book your website for search engines like Google , Bing , Yahoo ,  
... optimize .."  
  
"By running his own web server , you do not need a provider and need to  
install anything . Updates are performed automatically and for free . All  
you need is a PC with Internet access. SITE FACT is a proprietary  
development of Arvenia GmbH . Therefore, we can always realize your  
individual wishes and integrate them into SITE FACT. If you need our  
assistance , please contact our free support. With personal contact and  
landline number during the entire runtime."  
  
  
  
  
*(2) Vulnerability Details:*  
SITEFACT web application has a computer cyber security bug problem. It can  
be exploited by XSS attacks. This may allow a remote attacker to create a  
specially crafted request that would execute arbitrary script code in a  
user's browser session within the trust relationship between their browser  
and the server.  
  
Several other similar products 0-day vulnerabilities have been found by  
some other bug hunter researchers before. SITEFACT has patched some of  
them. The Full Disclosure mailing list is a public forum for detailed  
discussion of vulnerabilities and exploitation techniques, as well as  
tools, papers, news, and events of interest to the community. FD differs  
from other security lists in its open nature and support for researchers'  
right to decide how to disclose their own discovered bugs. The full  
disclosure movement has been credited with forcing vendors to better secure  
their products and to publicly acknowledge and fix flaws rather than hide  
them. Vendor legal intimidation and censorship attempts are not tolerated  
here! It also publishes suggestions, advisories, solutions details related  
to XSS vulnerabilities and cyber intelligence recommendations.  
  
  
*(2.1)* The first programming flaw occurs at "/index.cfm?" page with "&res"  
"&skt" "&pid" parameters.  
  
  
*(2.2)* The second programming flaw occurs at login domain "/index.cfm?"  
page with "&sid" parameter.  
  
  
  
  
  
  
*References:*  
http://www.tetraph.com/security/xss-vulnerability/sitefact-cms-xss/  
http://securityrelated.blogspot.com/2015/05/sitefact-cms-xss.html  
http://www.inzeed.com/kaleidoscope/computer-security/sitefact-cms-xss/  
http://seclists.org/fulldisclosure/2015/Mar/2  
https://www.mail-archive.com/fulldisclosure%40seclists.org/msg02031.html  
https://webtechwire.wordpress.com/2015/05/24/sitefact-cms-xss/  
http://cxsecurity.com/issue/WLB-2015030073  
http://whitehatpost.blog.163.com/blog/static/242232054201542474057982/  
http://lists.openwall.net/full-disclosure/2015/05/08/7  
http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1958  
  
  
  
  
  
--  
Jing Wang,  
Division of Mathematical Sciences (MAS),  
School of Physical and Mathematical Sciences (SPMS),  
Nanyang Technological University (NTU),  
Singapore.  
http://www.tetraph.com/wangjing/  
https://twitter.com/justqdjing  
  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation