Pointter PHP Content Management System 1.2 Multiple Vulnerabilities

2011-03-16T00:00:00
ID ZSL-2011-5002
Type zeroscience
Reporter Gjoko Krstic
Modified 2011-03-16T00:00:00

Description

Title: Pointter PHP Content Management System 1.2 Multiple Vulnerabilities
Advisory ID: ZSL-2011-5002
Type: Local/Remote
Impact: Cross-Site Scripting, System Access, Exposure of System Information, Exposure of Sensitive Information, Manipulation of Data
Risk: (3/5)
Release Date: 16.03.2011

Summary

Pointter PHP Content Management System is an advanced, fast and user-friendly CMS script that can be used to build simple or professional websites with product categorization, product blogs, member login and search modules. The webmaster can create unlimited static page boxes, static pages, main categories, sub categories and product pages.

Description

Pointter CMS suffers from multiple post-authentication vulnerabilities, including stored cross-site scripting (XSS), blind SQL injection (bSQLi), local file inclusion (LFI), cookie manipulation and denial of service (DoS).

Vendor

PangramSoft GmbH - <http://www.pointter.com>

Affected Version

1.2

Tested On

Microsoft Windows XP Professional SP3 (EN)
Apache 2.2.14 (Win32)
PHP 5.3.1
MySQL 5.1.41

Vendor Status

N/A

PoC

pointtercms_xss.txt

Credits

Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>

References

[1] <http://www.exploit-db.com/exploits/16987/>
[2] <http://www.securityfocus.com/bid/46894>
[3] <http://packetstormsecurity.org/files/99388>
[4] <http://secunia.com/advisories/43778/>
[5] <http://securityreason.com/wlb_show/WLB-2011030069>
[6] <http://xforce.iss.net/xforce/xfdb/66114>
[7] <http://xforce.iss.net/xforce/xfdb/66115>
[8] <http://xforce.iss.net/xforce/xfdb/66116>
[9] <http://forums.cnet.com/7726-6132_102-5101477.html>
[10] <http://www.securelist.com/en/advisories/43778>
[11] <http://osvdb.org/show/osvdb/71194>
[12] <http://osvdb.org/show/osvdb/71195>
[13] <http://osvdb.org/show/osvdb/71196>
[14] <http://osvdb.org/show/osvdb/71197>
[15] <http://osvdb.org/show/osvdb/71198>

Changelog

[16.03.2011] - Initial release
[17.03.2011] - Added reference [4], [5], [6], [7] and [8]
[22.03.2011] - Added reference [9], [10], [11], [12], [13], [14] and [15]

Contact

Zero Science Lab

Web: <http://www.zeroscience.mk>
e-mail: lab@zeroscience.mk

                                        