Posts Tagged ‘ persistent

Stark CRM v1.0 Multiple Script Injection And Session Riding Vulnerabilities

Multiple stored XSS and CSRF vulnerabilities exist when parsing user input to several POST parameters. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site and/or execute arbitrary HTML and script code in a user’s browser session.

starkcrm_xss

Advisory: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5169.php

BoxBilling 3.6.11 (mod_notification) Stored Cross-Site Scripting Vulnerability

BoxBilling suffers from a stored cross-site scripting vulnerability. Input passed to the ‘message’ POST parameter thru the ‘Notification Center’ extension/module is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an affected site.

boxbilling_xss

Advisory: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5163.php

LimeSurvey v2.00+ (build 131107) Script Insertion And SQL Injection Vulnerability

LimeSurvey suffers from a stored cross-site scripting and SQL Injection vulnerability. Input passed to the ‘label_name’ POST parameter is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an affected site. Input passed to the ‘group_name’ POST parameter is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

limesurvey-sql

Advisory [ZSL-2013-5161]:
LimeSurvey v2.00+ (build 131107) Script Insertion And SQL Injection Vulnerability

Vendor patch:
http://bugs.limesurvey.org/plugin.php?page=Source/view&id=13491
http://bugs.limesurvey.org/plugin.php?page=Source/view&id=13494
http://www.limesurvey.org/en/stable-release

Windu CMS 2.2 Multiple Stored XSS And CSRF Vulnerabilities

Windu CMS suffers from a cross-site request forgery vulnerabilities. The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site. Multiple stored XSS vulnerabilities exist when parsing user input to the ‘name’ and ‘username’ POST parameters. Attackers can exploit these weaknesses to execute arbitrary HTML and script code in a user’s browser session.

Advisories:

Windu CMS 2.2 CSRF Add Admin Exploit
Windu CMS 2.2 Multiple Persistent Cross-Site Scripting Vulnerabilities

windu_xss

CMSLogik 1.2.1 Multiple Vulnerabilities

CMSLogik suffers from multiple stored XSS, arbitrary file upload and user enumeration weakness.

Advisories:

CMSLogik 1.2.1 Multiple Persistent XSS Vulnerabilities
CMSLogik 1.2.1 (user param) User Enumeration Weakness
CMSLogik 1.2.1 (upload_file_ajax()) Shell Upload Exploit

cmslogikenum2



Qool CMS v2.0 RC2 Cross-Site Scripting and Cross-Site Request Forgery Vulnerabilities

Qool CMS suffers from multiple persistent cross-site scripting vulnerabilities. The issues are triggered when input passed via several POST parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an affected site. Also, Qool CMS allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.

Qool CMS XSS

Advisory ZSL-2013-5133: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5133.php
Advisory ZSL-2013-5134: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5134.php

phlyLabs phlyMail Lite 4.03.04 Multiple Vulnerabilities (XSS, PD, Open Redirect)

phlyMail suffers from multiple stored XSS vulnerabilities (post-auth) and Path Disclosure when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an affected site and displaying the full webapp installation path.

Input passed via the ‘go’ parameter in ‘derefer.php’ script is not properly verified before being used to redirect users. This can be exploited to redirect a user to an arbitrary website e.g. when a user clicks a specially crafted link to the affected script hosted on a trusted domain.

Advisories:

[ZSL-2013-5123] phlyLabs phlyMail Lite 4.03.04 (go param) Open Redirect Vulnerability
[ZSL-2013-5122] phlyLabs phlyMail Lite 4.03.04 Path Disclosure and Stored XSS Vulnerabilities

Multiple vulnerabilities in multiple web applications

ZSL-2012-5097SiNG cms 2.9.0 (email) Remote XSS POST Injection Vulnerability
ZSL-2012-5098web@all CMS 2.0 Multiple Remote XSS Vulnerabilities
ZSL-2012-5099web@all CMS 2.0 (_order) SQL Injection Vulnerability
ZSL-2012-5100KindEditor 4.1.2 (name parameter) Reflected XSS Vulnerability
ZSL-2012-5101Monstra 1.2.1 Multiple HTML Injection Vulnerabilities
ZSL-2012-5102xt:Commerce v4.0.15 (products_name_de) Script Insertion Vulnerability

The applications suffer from multiple stored and reflected XSS vulnerabilities including an SQL Injection.

Zoho BugTracker Multiple Stored XSS Vulnerabilities

The Bug Tracking Software suffers from a stored XSS vulnerability when parsing user input to the ‘comment’ and ‘mystatus’ parameters via POST method thru ‘bugdetails.do’ and ‘addmystatus.do’ scripts. Attackers can exploit these weaknesses to execute arbitrary HTML and script code in a user’s browser session.

Zoho Bug Tracker

Advisory ID: ZSL-2012-5096
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5096.php

Baby Gekko CMS v1.1.5c Multiple Stored Cross-Site Scripting Vulnerabilities

Baby Gekko CMS suffers from multiple stored (post-auth) XSS vulnerabilities and path disclosure issues when parsing user input to several parameters via GET and POST method. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user’s browser session or disclose the full installation path of the affected CMS.

——————————————————————————–

Reflected (Non-Persistent) XSS:

1. username
2. password
3. verification_code
4. email_address
5. password_verify
6. firstname
7. lastname

Stored (Persistent) XSS:

8. groupname
9. virtual_filename
10. branch
11. contact_person
12. street
13. city
14. province
15. postal
16. country
17. tollfree
18. phone
19. fax
20. mobile
21. title
22. meta_key
23. meta_description

——————————————————————————–

Advisory: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5086.php
Vendor: http://www.babygekko.com/site/news/general/baby-gekko-v1-2-0-released-with-3rd-party-independent-security-testing-performed-by-zero-science-lab.html