X3 CMS 0.5.1.1 Cross Site Request Forgery / Cross Site Scripting Vulnerabilities

2014-11-10T00:00:00
ID 1337DAY-ID-22850
Type zdt
Reporter Nahendra Bhati
Modified 2014-11-10T00:00:00

Description

X3 CMS versions 0.5.1 and 0.5.1.1 suffer from cross site request forgery and cross site scripting vulnerabilities.

                                        
                                            Product: X3 CMS 0.5.1 & 0.5.1.1
Vendor: X3 CMS
Vulnerable Version(s):  0.5.1 and 0.5.1.1
Tested Version: 0.5.1.1
Vendor Notification: 2 Nov , 2014 
Vendor Patch: 7 Nov, 2014 
Advisory Publication:  8 Nov, 2014
Public Disclosure: 8 November , 2014 
Vulnerability Type: CSRF + Reflected Cross Site Scripting  
CVE Reference: Requested
Risk Level: High
Solution Status: Fixed by Vendor
Discovered and Provided By: Narendra Bhati ( http://hacktivity.websecgeeks.com )
Patch - Upgrade to X3 CMS 0.5.2 
------------------------------------------------------------------------------------------------------------------------
Reported By  - Narendra Bhati ( R00t Sh3ll)
Security Analyst  @ Suma Soft Pvt. Ltd. , Pune ( India )IT Risk & Security Management Services , Pune ( India)
Facebook - https://facebook.com/narendradewsoft
twitter - https://www.twitter.com/NarendraBhatiNB
Blog - http://hacktivity.websecgeeks.com
Email - [email protected]

-------------------------------------------------------------------------------------------------------------------------

Advisory Details:

Narendra Bhati discovered vulnerability in X3 CMS 0.5.2 , which can be exploited to perform Cross-Site Scripting (XSS) attacks  Along With  CSRF Vulnerability

--------------------------------------------------------------------------------------------------------------------------

1) Cross Site Request Forgery Protection (CSRF) 

There was a CSRF vulnerability in the form submission in most controllers used in the admin area. This could be an issue if administrator is logged in to his account


-------------------------------------------------------------------------------------------------------------------------
2) Reflected Cross-Site Scripting (XSS) in MODX Revolution

There was an XSS vulnerability in the search_controller used in the public and private areas.

The exploitation example below uses the <script>alert(1)</script>

Vulnerable Parameter - "search"


------------------------------------------------------------------------------------------------------------------------
Solution:

Upgrade to Upgrade to X3 CMS 0.5.2 
More Information:
Public Advisory By Vendor :- http://www.x3cms.net/en/news/article/8bb9a4f84d956653b4daa19ee7c529fa/x3_cms_0.5.2
Public Disclosure With Tecnical Details - http://hacktivity.websecgeeks.com/x3-cms-xss-and-csrf/
-----------------------------------------------------------------------------------------------

#  0day.today [2018-01-24]  #