AneCMS 1.3 Cross Site Scripting / SQL Injection

2010-06-16T00:00:00

Description

{"id": "PACKETSTORM:90669", "vendorId": null, "type": "packetstorm", "bulletinFamily": "exploit", "title": "AneCMS 1.3 Cross Site Scripting / SQL Injection", "description": "", "published": "2010-06-16T00:00:00", "modified": "2010-06-16T00:00:00", "cvss": {"vector": "NONE", "score": 0.0}, "cvss2": {}, "cvss3": {}, "href": "https://packetstormsecurity.com/files/90669/AneCMS-1.3-Cross-Site-Scripting-SQL-Injection.html", "reporter": "High-Tech Bridge SA", "references": [], "cvelist": [], "immutableFields": [], "lastseen": "2016-11-03T10:23:25", "viewCount": 9, "enchantments": {"score": {"value": 0.3, "vector": "NONE"}, "dependencies": {}, "backreferences": {}, "exploitation": null, "vulnersScore": 0.3}, "_state": {"dependencies": 1678912101, "score": 1678911848, "epss": 1678921929}, "_internal": {"score_hash": "a34c98b805938297519b2e1e3e975579"}, "sourceHref": "https://packetstormsecurity.com/files/download/90669/anecms-sqlxss.txt", "sourceData": "`Vulnerability ID: HTB22407 \nReference: http://www.htbridge.ch/advisory/stored_xss_vulnerability_in_anecms_blog_module.html \nProduct: AneCMS \nVendor: AneCMS Team \nVulnerable Version: 1.3 and Probably Prior Versions \nVendor Notification: 28 May 2010 \nVulnerability Type: Stored XSS (Cross Site Scripting) \nStatus: Fixed by Vendor \nRisk level: Medium \nCredit: High-Tech Bridge SA (http://www.htbridge.ch/) \n \nVulnerability Details: \nUser can execute arbitrary JavaScript code within the vulnerable application. \n \nThe vulnerability exists due to failure in the blog module script \"/modules/blog/index.php\" to properly sanitize user-supplied input in \"comment\" variable. Successful exploitation of this vulnerability could result in a compromise of the application, theft of cookie-based authentication credentials, disclosure or modification of sensitive data. \n \nAn attacker can use browser to exploit this vulnerability by entering in comment text area for example \"hello <script>alert(document.cookie)</script>\". \n \n \nSolution: Upgrade to the most recent version \nVulnerability ID: HTB22408 \nReference: http://www.htbridge.ch/advisory/sql_injection_vulnerability_in_anecms.html \nProduct: AneCMS \nVendor: AneCMS Team \nVulnerable Version: 1.3 and Probably Prior Versions \nVendor Notification: 28 May 2010 \nVulnerability Type: SQL Injection \nStatus: Not Fixed, Vendor Alerted, Awaiting Vendor Response \nRisk level: High \nCredit: High-Tech Bridge SA (http://www.htbridge.ch/) \n \nVulnerability Details: \nThe vulnerability exists due to failure in the \"/modules/blog/index.php\" script. Attacker can alter queries to the application SQL database, execute arbitrary queries to the database, compromise the application, access or modify sensitive data, or exploit various vulnerabilities in the underlying SQL database. \n \nAttacker can use browser to exploit this vulnerability. The following PoC is available: \n \nhttp://host/blog/1+ANY_SQL_CODE_HERE/Demo_of_ANE_CMS#comment-63 \n \n \n`\n"}