Hotaru CMS 1.4.2 SITE_NAME Parameter Stored XSS Vulnerability
Title: Hotaru CMS 1.4.2 SITE_NAME Parameter Stored XSS Vulnerability
Advisory ID: ZSL-2011-5057
Type: Local/Remote
Impact: Cross-Site Scripting
Risk: (3/5)
Release Date: 13.11.2011
Summary
Hotaru CMS is an open source PHP platform for building your own websites. With flexible plugins and themes, you can make any site you like.
Description
The CMS suffers from multiple XSS vulnerabilities. Input passed through the POST parameters 'SITE_NAME' (stored) and 'return' (reflected) and the GET parameter 'search' (reflected) through Hotaru.php is not sanitized, allowing an attacker to execute HTML code in a user's browser session on the affected site.
Vendor
Hotaru CMS - http://www.hotarucms.org
Affected Version
1.4.2
Tested On
Microsoft Windows XP Professional SP3 (EN)
Apache 2.2.21
MySQL 5.5.16
PHP 5.3.8
Vendor Status
N/A
PoC
hotarucms_xss.html
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
[1] http://packetstormsecurity.org/files/106938
[2] http://securityreason.com/wlb_show/WLB-2011110045
[3] http://secunia.com/advisories/46842/
[4] http://www.securityfocus.com/bid/50657
[5] http://osvdb.org/show/osvdb/77095
[6] http://xforce.iss.net/xforce/xfdb/71300
[7] http://xforce.iss.net/xforce/xfdb/71301
[8] http://xforce.iss.net/xforce/xfdb/71302
[9] http://osvdb.org/show/osvdb/77680
[10] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4709
[11] http://www.naked-security.com/nsa/201744.htm
Changelog
[13.11.2011] - Initial release
[14.11.2011] - Added reference [1], [2] and [3]
[15.11.2011] - Added reference [4], [5], [6], [7] and [8]
[12.01.2012] - Added reference [9], [10] and [11]
Contact
Zero Science Lab
Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk
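Mitigation sketch for the three unsanitized parameters named in the Description, as an added example that is not Hotaru CMS code and not part of the original advisory. The helper names `h()` and `safe_return_path()` are hypothetical, the sample values are constructed, and it is an assumption that 'return' carries a same-site path to go back to after a form post.

```php
<?php
// Added example: hypothetical helpers, not taken from Hotaru CMS.

// Encode a value for HTML element content or a quoted attribute value.
// Apply this at output time, so a SITE_NAME that was stored unencoded
// is still rendered as text rather than markup.
function h($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Accept 'return' only as a same-site path (assumed use of the parameter).
// Rejects absolute URLs, scheme-relative "//host" forms, backslashes and
// control characters; anything rejected falls back to the site root.
function safe_return_path($value)
{
    $value = (string) $value;
    if (!preg_match('#^/(?![/\\\\])[^\\\\\x00-\x1f]*\z#', $value)) {
        return '/';
    }
    return $value;
}

// Constructed sample inputs (not the advisory's PoC).
$siteName = 'Dave\'s <b>News</b>';          // value as stored in settings
$search   = 'tom & "jerry" <cartoons>';     // GET 'search'
$return   = '//other.example/path';         // POST 'return'

// Stored value, HTML body context.
printf("<title>%s</title>\n", h($siteName));

// Reflected value, quoted attribute context: validate first, then encode.
printf(
    "<input type=\"hidden\" name=\"return\" value=\"%s\">\n",
    h(safe_return_path($return))
);

// Reflected value, HTML body context.
printf("<p>Results for: %s</p>\n", h($search));
```

Encoding at the point of output covers the stored and the reflected cases alike; the path check on 'return' is a separate control and does not replace the encoding.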