
DataLife Engine 11.1 Cross Site Scripting

Reported: 26 Aug 2016 00:00:00
Reported by: 0x3a
Type: packetstorm
Source: packetstormsecurity.com

A cross-site scripting (XSS) vulnerability in /DLE/engine/preview.php of DataLife Engine 11.1 allows an attacker to inject malicious script into the website.

Code
...  
==========================  
- Discovered By : 0x3a  
- http://iran-cyber.net  
- taha[dot]0x3a[at]gmail[dot]com  
- Credit To Iran Cyber Security Group  
  
- Release Date : 10.8.2016  
- Level : High  
==========================  
  
I.Vulnerability  
---------------  
Cross Site Scripting in DataLife Engine 11.1 and lower versions  
DataLife Engine 11  
DataLife Engine 10  
  
II.BackGround  
-------------  
DataLife Engine (DLE) is a CMS for building websites and forums.  
https://dle-news.com/  
https://ru.wikipedia.org/wiki/DataLife_Engine  
  
A Google search for "intext:Powered+by+DataLife+Engine" returned about one  
million websites hosted on DLE.  
https://www.google.com/search?q=intext:Powered+by+DataLife+Engine  
  
III.Introduction  
----------------  
DataLife Engine is a multifunctional Content Management System. Thanks  
to a very powerful news, article, and user management system,  
DataLife Engine is designed primarily for creating mass media websites  
and blogs on the Internet.  
  
IV.DESCRIPTION  
--------------  
DLE has a security problem: it can be exploited via an XSS attack.  
The vulnerability is located in /DLE/engine/preview.php.  
Through it, an attacker can inject malicious code into the website.  
  
  
The affected code can be found in the /DLE/engine/preview.php source file:  
  
if( $config['allow_site_wysiwyg'] ) {  
    // the title comes straight from $_POST and is passed to the parser  
    // without HTML output encoding, so markup in it reaches the page  
    $title = stripslashes( $parse->process( $_POST['title'] ) );  
}  
  
  
The $_POST value is used without any filter, which creates the XSS vulnerability.  
It can be used for a cookie hijacking attack, because whenever a user  
submits a post, an administrator must review it and  
approve it.  
  
V.PROOF OF CONCEPT EXPLOIT  
--------------------------  
First, register on the DLE website.  
Then create a new post: fill in all fields, open HTTP Live  
Headers, and click  
the preview button.  
POST parameters:  
  
title=Test&catlist%5B%5D=1&vote_title=&frage=&vote_body=&short_story=Test&full_story=Test&tags=&sec_code=174991&nview=&mod=preview  
  
The payload is placed in this parameter:  
[ title ]  
  
  
title=<marquee>Discovered By 0x3a [ Iran Cyber Security  
Group]</marquee>&catlist%5B%5D=1&vote_title=&frage=&vote_body=&short_story=Test&full_story=Test&tags=&sec_code=174991&nview=&mod=preview  
  
  
VI.SYSTEM AFFECTED  
------------------  
All versions of DLE are affected.  
  
VII.SOLUTION  
------------  
1. Use a filtering function such as htmlspecialchars(), addslashes()  
   or htmlentities() to patch this  
   vulnerability.  
  
2. You can disable registration on your website, but ...  
  
------  
0x3a  
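As an added illustration of the flaw described in section IV and the fix proposed in section VII (this is example code written for this page, not DLE's own source), the following PHP contrasts the vulnerable pattern of echoing the POSTed title unencoded with an output-encoded version. The function names, the `$post` array parameter and the `<h1>` wrapper are assumptions for the example; the sample title is constructed from the advisory's harmless marquee PoC string.

```php
<?php
// Added example, not DLE's own code. Models the preview handler's title
// handling as the advisory describes it, beside a hardened version.

// Vulnerable pattern: the POSTed value is placed into HTML without encoding,
// so any markup in the title is rendered by the reviewing admin's browser.
function render_preview_title_vulnerable(array $post): string
{
    $title = stripslashes($post['title'] ?? '');
    return "<h1>" . $title . "</h1>";
}

// Hardened: encode for the HTML body context. ENT_QUOTES also encodes
// single and double quotes, ENT_SUBSTITUTE avoids returning an empty string
// on invalid UTF-8, and the charset is stated explicitly.
function render_preview_title_safe(array $post): string
{
    $title = stripslashes($post['title'] ?? '');
    $encoded = htmlspecialchars($title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<h1>" . $encoded . "</h1>";
}

// For comparison: addslashes() escapes only quotes and backslashes and leaves
// '<' and '>' intact, so on its own it does not stop markup injection.
function render_preview_title_addslashes_only(array $post): string
{
    return "<h1>" . addslashes($post['title'] ?? '') . "</h1>";
}

// Constructed sample input, modelled on the advisory's PoC (harmless tag).
$sample = ['title' => '<marquee>Discovered By 0x3a</marquee>'];

echo "vulnerable:     ", render_preview_title_vulnerable($sample), PHP_EOL;
echo "htmlspecialchars: ", render_preview_title_safe($sample), PHP_EOL;
echo "addslashes only:  ", render_preview_title_addslashes_only($sample), PHP_EOL;
```

Run it with `php example.php` and compare the three lines: only the htmlspecialchars() version turns the tag into text. This is an output-context fix: htmlspecialchars() with ENT_QUOTES (or htmlentities()) is correct for the HTML body and quoted attributes, while a value inserted into a JavaScript block or a URL needs that context's own encoding, and a Content-Security-Policy header limits what an injected script could do if an encoding is ever missed.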
