header-logo
Suggest Exploit
vendor:
VisualSite CMS
by:
Abysssec Inc
7,5
CVSS
HIGH
Logical Bug for Lock Admin's Login & Persistent XSS in admin section
79, 352
CWE
Product Name: VisualSite CMS
Affected Version From: VisualSite 1.3
Affected Version To: VisualSite 1.3
Patch Exists: YES
Related CWE: N/A
CPE: a:visualsite:visualsite_cms
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020

VisualSite CMS Multiple Vulnerabilities

VisualSite CMS version 1.3 has multiple vulnerabilities, including a logical bug for locking admin's login and persistent XSS in the admin section. If an attacker enters certain values into the login page three times within five minutes, the admin's login will be locked. Additionally, in the edit section, which is accessible to admins, it is possible to enter a script in the description field that only executes when an admin visits the page.

Mitigation:

Ensure that all user input is properly sanitized and validated before being used in the application. Additionally, ensure that the application is regularly updated with the latest security patches.
Source

Exploit-DB raw data:

'''
  __  __  ____         _    _ ____  
 |  \/  |/ __ \   /\  | |  | |  _ \ 
 | \  / | |  | | /  \ | |  | | |_) |
 | |\/| | |  | |/ /\ \| |  | |  _ < 
 | |  | | |__| / ____ \ |__| | |_) |
 |_|  |_|\____/_/    \_\____/|____/ 

 http://www.exploit-db.com/moaub-25-visualsite-cms-multiple-vulnerabilities/
 
'''

Abysssec Inc Public Advisory
 
 
  Title            :  VisualSite CMS Multiple Vulnerabilities
  Affected Version :  VisualSite 1.3
  Discovery        :  www.abysssec.com
  Download Links   :  http://sourceforge.net/projects/visualsite/
  Login Page       :  http://Example.com/Admin/Default.aspx
 
Description :
===========================================================================================      
  This version of Visual Site CMS have Multiple Valnerabilities : 
        1- Logical Bug for Lock Admin's Login
        2- Persistent XSS in admin section


Logical Bug for Lock Admin's Login:
===========================================================================================     

  If you enter this values in Login Page (http://Example.com/Admin/Default.aspx)
  three times during five minutes , the Admin's login will be locked:

    Username : 1' or '1'='1 
    Password : foo
  

  Vulnerable Code is in this file:
                ../App_Code/VisualSite/DAL.cs
  Ln 378:
                public static User GetUser(string username)
	        {
                  User result = null;
                  DataTable matches = ExecuteRowset(String.Format("SELECT [ID], [Username], [Password], [LockedDate] FROM [User] WHERE [Username] = '{0}'", Sanitise(username)));
                  if (matches != null && matches.Rows.Count > 0)
                   {
                     ...
                   }
                  return result;
                 }



Persistent XSS in admin section:
===========================================================================================     
  In Edit Section which is accessible to Admin, it is possible to enter a script in Description field 
  that only executed in the following path and never executed in other situations:

     http://Example.com/SearchResults.aspx?q={} 


===========================================================================================

Navigation

Suggest Exploit

Services By CQR