header-logo
Suggest Exploit
vendor:
CMS
by:
hodik
8.8
CVSS
HIGH
Persistent XSS and CSRF
79
CWE
Product Name: CMS
Affected Version From: 2.1
Affected Version To: 2.1
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Explay CMS <= 2.1 Persistent XSS and CSRF

This CMS has bad anti-XSS filter that cut only some basic vectors. The loginned user can inject persistent XSS by adding to article text or comment <img src="http://google.com" onerror="alert(document.cookie)" />. User can get admin rights if admin open malicious page that contain, for instance: <img src="http://explay.localhost/admin.php?name=users&page=1&order=user_id&set_admin=2" /> or merely insert it to comment or article text.

Mitigation:

Implement a strong anti-XSS filter and use CSRF tokens for authentication.
Source

Exploit-DB raw data:

==================================
Explay CMS <= 2.1 Persistent XSS and CSRF
==================================
Discovered by hodik
Mail: n.khodov@gmail.com

1. Persistent XSS
This CMS has bad anti-XSS filter that cut only some basic vectors. The loginned user can inject persistent XSS by adding to article text or comment  <img src="http://google.com" onerror="alert(document.cookie)" />

2. CSRF
User can get admin rights if admin open malicious page that contain, for instance:
<img src="http://explay.localhost/admin.php?name=users&page=1&order=user_id&set_admin=2" />
or merely insert it to comment or article text.

# milw0rm.com [2008-09-19]

Navigation

Suggest Exploit

Services By CQR