AdaptCMS 3.0.3 Multiple Persistent XSS Vulnerabilities

2015-01-05T00:00:00
ID ZSL-2015-5218
Type zeroscience
Reporter Gjoko Krstic
Modified 2015-01-05T00:00:00

Description

Title: AdaptCMS 3.0.3 Multiple Persistent XSS Vulnerabilities
Advisory ID: ZSL-2015-5218
Type: Local/Remote
Impact: Cross-Site Scripting
Risk: (3/5)
Release Date: 05.01.2015

Summary

AdaptCMS is a Content Management System trying to be both simple and easy to use, as well as very agile and extendable. Not only so we can easily create Plugins or additions, but so other developers can get involved. Using CakePHP we are able to achieve this with a built-in plugin system and MVC setup, allowing us to focus on the details and end-users to focus on building their website to look and feel great.

Description

AdaptCMS version 3.0.3 suffers from multiple stored cross-site scripting vulnerabilities. Input passed to several POST parameters is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

Vendor

Insane Visions - <http://www.adaptcms.com>

Affected Version

3.0.3

Tested On

Apache 2.4.10 (Win32)
PHP 5.6.3
MySQL 5.6.21

Vendor Status

N/A

PoC

adaptcms_xss.txt

Credits

Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>

References

[1] <http://packetstormsecurity.com/files/129812>
[2] <http://www.securityfocus.com/bid/71870>
[3] <http://cxsecurity.com/issue/WLB-2015010022>
[4] <http://osvdb.org/show/osvdb/116716>
[5] <http://osvdb.org/show/osvdb/116717>
[6] <http://osvdb.org/show/osvdb/116718>
[7] <http://osvdb.org/show/osvdb/116719>
[8] <http://osvdb.org/show/osvdb/116720>
[9] <http://xforce.iss.net/xforce/xfdb/99617>
[10] <http://www.exploit-db.com/exploits/35710/>
[11] <http://cve.mitre.org/cgi-bin/cvename.cgi?name=2015-1058>
[12] <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1058>

Changelog

[05.01.2015] - Initial release
[06.01.2015] - Added reference [1], [2], [3], [4], [5], [6], [7], [8], [9] and [10]
[17.01.2015] - Added reference [11] and [12]

Contact

Zero Science Lab

Web: <http://www.zeroscience.mk>
e-mail: lab@zeroscience.mk

                                        