Webfolio CMS 1.1.4 Cross Site Scripting

Webfolio CMS 1.1.4 Cross Site Scripting: Posted Mar 7, 2012; Authored by Ivano Binetti; Webfolio CMS versions 1.1.4 and below suffer from multiple cross site scripting vulnerabilities.; tags | exploit, vulnerability, xss; SHA-256 | 93f6b868f021feffc6c34fae1946370d4c0b5076b89e10d2dac090857f503a57; Download | Favorite | View

Webfolio CMS 1.1.4 Cross Site Scripting

+--------------------------------------------------------------------------------------------------------------------------------+
# Exploit Title    : WebfolioCMS <= 1.1.4 Multiple XSS 
# Date             : 07-03-2012
# Author           : Ivano Binetti (https://www.ivanobinetti.com)
# Software link    : https://sourceforge.net/projects/webfolio-cms/files/WebfolioCMS-1.1.4.zip/download
# Vendor site      : https://webfolio-cms.sourceforge.net/
# Version          : 1.1.4 and lower 
# Tested on        : Debian Squeeze (6.0) 
# Original Advisory: https://ivanobinetti.blogspot.com/2012/03/webfolio-114-multiple-xss.html
+--------------------------------------------------------------------------------------------------------------------------------+
+------------------------------------------[CSRF Vulnerabilities by Ivano Binetti]-----------------------------------------------+

Summary
1)Introduction
2)Vulnerabilities Description
3)POC
 
+--------------------------------------------------------------------------------------------------------------------------------+
1)Introduction
Webfolio CMS "is a free, open-source, customized content management system, whose main purpose is creation of web sites for 
presenting someone's work, and portfolio-like websites".

2)Vulnerabilities Description
WebfolioCMS 1.1.4 (and lower) is prone to multiple XSS vulnerabilities in "webfolio/admin/users/edit/<used_id>" pages 
- where <used_id> = 1....n - due to an improper input sanitization.

3)POC
To exploit "First name" and "Last name" fields: 
<script>alert(document.cookie)</script> 

To exploit "Email (required)" field: 
email@email.com"><script>alert(document.cookie)</script> 
 
+--------------------------------------------------------------------------------------------------------------------------------+

Top Authors In Last 30 Days

Red Hat 235 files
Ubuntu 50 files
Debian 19 files
LiquidWorm 15 files
Apple 9 files
Gentoo 5 files
Google Security Research 3 files
Alter Prime 3 files
Pierre Kim 2 files
Jann Horn 2 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,163)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,945)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,337)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,987)
UNIX (9,475)
UnixWare (188)
Windows (6,784)
Other

Webfolio CMS 1.1.4 Cross Site Scripting

Webfolio CMS 1.1.4 Cross Site Scripting

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Webfolio CMS 1.1.4 Cross Site Scripting

Share This

Webfolio CMS 1.1.4 Cross Site Scripting

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems