Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Wolf CMS 0.7.5 Cross Site Scripting / SQL Injection

🗓️ 29 Feb 2012 00:00:00Reported by longrifle0xType 
zdt
 zdt🔗 0day.today👁 43 Views

Wolf CMS 0.7.5 Cross Site Scripting / SQL Injection 2012-02-2

Code
Title:
======
Wolf CMS 0.7.5 Cross Site Scripting / SQL Injection

Date:
=====
2012-02-27

Introduction:
=============
Wolf CMS is a content management system and is Free Software published under the GNU General 
Public License v3. Wolf CMS is written in the PHP programming language. Wolf CMS is a fork of Frog CMS.
The project was a finalistin the 2010 Packt Publishing s Open Source awards for the  Most Promising 
Open Source Project  category. As of the 28th of December 2010, the Wolf CMS code repository was moved 
from Google Code to Github.

( Copy of the Vendor Homepage: http://en.wikipedia.org/wiki/Wolf_CMS ) 

Abstract:
=========
Vulnerability Laboratory Research Team discovered multiple Web Vulnerabilities on the Wolf Content Management System v0.7.5 

Report-Timeline:
================
2012-02-11:  Vendor Notification
2012-02-27:  Public or Non-Public Disclosure

Affected Products:
==================
BlueWin CH
Product: Wolf CMS v0.7.5

Details:
========
1.1
A SQL Injection vulnerability is detected on the Wolfs Content Management System v0.7.5. The 
vulnerability allows an remote attacker to execute own sql commands on the affected application 
dbms. Successful exploitation can result in dbms, web-server or application compromise.

Vulnerable Module(s):
          [+] /plugins/comment/[Index]

1.2
Multiple persistent vulnerabilities are detected on the Wolfs Content Management System v0.7.5. 
The bug allows an remote attacker or local low privileged user account to inject persistent malicious 
script code on application side. Successful exploitation can result in persistent context manipulation 
on requests, session hijacking & account steal via application side phishing.

Vulnerable Module(s):
          [+] /plugins/comment/

Proof of Concept:
=================
The vulnerabilities can be exploited by remote attackers & local low privileged user accounts with- and 
without required user inter action. For demonstration or reproduce ...

1.1
Path:  /wolfcms/wolf/plugins/comment/
File:  index.php

Review:
271: $ip = isset($_SERVER['HTTP_X_FORWARDED_FOR']) ?
$_SERVER['HTTP_X_FORWARDED_FOR']:($_SERVER['REMOTE_ADDR']);


1.2
Path:  /wolfcms/wolf/plugins/comment/
File:  index.php

Review:
/wolfcms/wolf/plugins/comment/index.php
272: echo '<input type="hidden" value="'.$ip.'" name="comment[author_ip]" />';


Risk:
=====
1.1
The security risk of the blind sql injection vulnerabilities are estimated as high(+).

1.2
The security risk of the persistant xss vulnerabilities are estimated as medium(+).



#  0day.today [2018-03-09]  #

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
29 Feb 2012 00:00Current
7.1High risk
Vulners AI Score7.1
wolf cmscross site scriptingsql injectionvulnerabilityremote attackerpersistent2012-02-27
43