Sitemagic CMS 2010.04.17 (SMExt) Remote Cross-Site Scripting Vulnerability
Title: Sitemagic CMS 2010.04.17 (SMExt) Remote Cross-Site Scripting Vulnerability
Advisory ID: ZSL-2011-5020
Type: Remote
Impact: Cross-Site Scripting
Risk: (3/5)
Release Date: 21.06.2011
Apache 2.2.14 (Win32)
PHP 5.3.1
MySQL 5.1.41
[10.06.2011] Vendor replies asking more details.
[10.06.2011] Sent vulnerability details to vendor.
[11.06.2011] Vendor replies.
[12.06.2011] Vendor confirms vulnerability.
[15.06.2011] Asked vendor for scheduled patch release date.
[17.06.2011] No reply from vendor.
[18.06.2011] Sent another e-mail to vendor asking for scheduled patch release date, pointing out the reasonable timeframe for fixing a XSS issue.
[18.06.2011] Vendor says that they will keep me posted when new release is available.
[20.06.2011] Informed the vendor that the advisory release will be on 21st of June.
[21.06.2011] Public security advisory released.
[2] http://www.securityfocus.com/bid/48355
[3] http://packetstormsecurity.org/files/102474
[4] http://osvdb.org/show/osvdb/73201
[5] http://securityreason.com/wlb_show/WLB-2011060067
[22.06.2011] - Added reference [5]
Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk
Advisory ID: ZSL-2011-5020
Type: Remote
Impact: Cross-Site Scripting
Risk: (3/5)
Release Date: 21.06.2011
Summary
Sitemagic CMS is a fantastic new platform for building and maintaining great looking websites. It is very easy to set up and use, and is fully extendable and customizable.Description
Sitemagic CMS suffers from a XSS vulnerability when parsing user input to the 'SMExt' parameter via GET method in 'index.php'. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session.Vendor
Sitemagic CMS - http://www.sitemagic.orgAffected Version
2010.04.17Tested On
Microsoft Windows XP Professional SP3 (EN)Apache 2.2.14 (Win32)
PHP 5.3.1
MySQL 5.1.41
Vendor Status
[10.06.2011] Initial contact with the vendor.[10.06.2011] Vendor replies asking more details.
[10.06.2011] Sent vulnerability details to vendor.
[11.06.2011] Vendor replies.
[12.06.2011] Vendor confirms vulnerability.
[15.06.2011] Asked vendor for scheduled patch release date.
[17.06.2011] No reply from vendor.
[18.06.2011] Sent another e-mail to vendor asking for scheduled patch release date, pointing out the reasonable timeframe for fixing a XSS issue.
[18.06.2011] Vendor says that they will keep me posted when new release is available.
[20.06.2011] Informed the vendor that the advisory release will be on 21st of June.
[21.06.2011] Public security advisory released.
PoC
sitemagic_xss.txtCredits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>References
[1] http://secunia.com/advisories/44728/[2] http://www.securityfocus.com/bid/48355
[3] http://packetstormsecurity.org/files/102474
[4] http://osvdb.org/show/osvdb/73201
[5] http://securityreason.com/wlb_show/WLB-2011060067
Changelog
[21.06.2011] - Initial release[22.06.2011] - Added reference [5]
Contact
Zero Science LabWeb: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk