AR Web Content Manager (AWCM) v2.2 Cross-Site scripting Vulnerability
SecPod Technologies (www.secpod.com) Author: Antu Sanadi
SecPod ID: 1012 21/03/2011 Issue Discovered 24/03/2011 Vendor Notified 24/03/2011 Vendor Responded 25/03/2011 Vendor Solution
Class: Cross-Site Scripting Severity: Medium
AR Web Content Manager (AWCM) is prone to Cross-Site Scripting vulnerability.
AR Web Content Manager (AWCM) is prone to a Cross-Site Scripting vulnerability as it fails to properly sanitize user-supplied input.
Input passed via the 'search' parameter in 'search' action in search.php is not properly verified before it is returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of a vulnerable site. This may allow an attacker to steal cookie-based authentication credentials and launch further attacks.
The vulnerability has been tested in AR Web Content Manager v2.1 and v2.2 Other versions may also be affected.
Successful exploitation could allow an attacker to execute arbitrary HTML code in a user's browser session in the context of a vulnerable application.
AR Web Content Manager (AWCM) v2.2 and prior.
Tested on, AR Web Content Manager (AWCM) v2.2 and v2.1 (Tested using Mozilla firefox browser)
http://www.awcm-cms.com/ http://secpod.org/blog/?p=179 http://sourceforge.net/projects/awcm/files/ http://secpod.org/advisories/search.php.zip http://secpod.org/advisories/SECPOD_AWCM_XSS.txt
Vendor as has provided the solution, http://www.zshare.net/download/8818096688e1e96a/
CVSS Score Report: ACCESS_VECTOR = NETWORK ACCESS_COMPLEXITY = MEDIUM AUTHENTICATION = NONE CONFIDENTIALITY_IMPACT = PARTIAL INTEGRITY_IMPACT = PARTIAL AVAILABILITY_IMPACT = NONE EXPLOITABILITY = PROOF_OF_CONCEPT REMEDIATION_LEVEL = UNAVAILABLE REPORT_CONFIDENCE = CONFIRMED CVSS Base Score = 5.2 (MEDIUM) (AV:N/AC:M/Au:N/C:P/I:P/A:N)
Antu Sanadi of SecPod Technologies has been credited with the discovery of this vulnerability.