| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CALH-=7zeE4vCpdG+dqQK5KcscpnJUakQU7ApuHMSznDjgG2-Yg@mail.gmail.com>
Date: Sun, 18 Jan 2015 09:18:18 +0100
From: Steffen Rösemann <steffen.roesemann1986@...il.com>
To: fulldisclosure@...lists.org
Subject: [FD] Reflecting XSS vulnerability in administrative backend of CMS
Websitebaker v. 2.8.3 SP3
Advisory: Reflecting XSS vulnerability in CMS Websitebaker v.2.8.3 SP3
Advisory ID: SROEADV-2015-03
Author: Steffen Rösemann
Affected Software: CMS Websitebaker v.2.8.3 SP3
Vendor URL: http://www.websitebaker.org/de/home.php
Vendor Status: Vendor did not respond
CVE-ID: CVE-2015-0553
Tested with:
- Firefox 34
- Mac OS X 10.10
==========================
Vulnerability Description:
==========================
In the administrative backend of the content management system Websitebaker
v. 2.8.3 SP3 resides a reflecting XSS vulnerability.
==================
Technical Details:
==================
The file "modify.php" in which the researcher Manuel Cardenas (see
timeline) already found a SQL injection vulnerability, is as well prone to
a reflecting XSS vulnerability via a hidden form-field.
Exploit-Example:
http://
{TARGET}/admin/pages/modify.php?page_id=1"><script>alert('XSS')</script><!--
=========
Solution:
=========
Vendor did not respond.
====================
Disclosure Timeline:
====================
29-Dec-2014 – found the vulnerability
29-Dec-2014 - compared to findings of Manuel Garcia Cardenas (see
http://seclists.org/fulldisclosure/2014/Nov/44)
04-Jan-2015 - informed the developers
04-Jan-2015 – release date of this security advisory [without technical
details]
04-Jan-2015 - requested a CVE-ID
05-Jan-2015 - received CVE-2015-0533 from Mitre
05-Jan-2015 - submitted CVE-2015-0533 to vendor
14-Jan-2015 - contacted vendor again via Twitter (see [3])
18-Jan-2015 - release date of this security advisory
18-Jan-2015 - send to lists
========
Credits:
========
Vulnerability found and advisory written by Steffen Rösemann.
===========
References:
===========
[1] http://www.websitebaker.org/de/home.php
[2] http://sroesemann.blogspot.de/2015/01/sroeadv-2015-03_4.html
[3] https://twitter.com/sroesemann/status/555397239229911040
[4]
http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2015-03.html
_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists