ZeroCMS 1.0 – Persistent Cross-Site Scripting

• Exploit Database
• 10 阅读

• 作者： Mayuresh Dani
  日期： 2014-07-27
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/34170/

• ######################
  # Exploit Title: Persistent ZeroCMS Cross-Site Scripting Vulnerability
  
  # Discovered by: Mayuresh Dani
  
  # Vendor Homepage: http://www.aas9.in/zerocms/
  
  # Software Link: https://github.com/pcx1256/zerocms/archive/master.zip
  
  # Version: 1.0?
  
  # Date: 2014-07-25
  
  # Tested on: Windows 7 / Mozilla Firefox
  Ubuntu 14.04 / Mozilla Firefox
  
  # CVE: CVE-2014-4710
  
  ######################
  
  # Vulnerability Disclosure Timeline:
  
  2014-06-15:Discovered vulnerability
  2014-06-23:Vendor Notification (Support e-mail address)
  2014-07-25:Public Disclosure
  
  # Description
  
  ZeroCMS is a very simple Content Management System Built using PHP and
  MySQL.
  
  The application does not validate any input to the "Full Name", "Email
  Address", "Password" or "Confirm Password" functionality. It saves this
  unsanitized input in the backend databased and executes it when visiting
  the subsequent or any logged-in pages.
  
  ######################
  
  # Steps to reproduce the vulnerability
  
  1) Visit the "Create Account" page (eg.
  http://localhost/zerocms/zero_transact_user.php)
  
  2) Enter your favourite XSS payload and click on "Create Account"
  
  3) Enjoy!
  
  More information:
  https://community.qualys.com/blogs/securitylabs/2014/07/24/yet-another-zerocms-cross-site-scripting-vulnerability-cve-2014-4710
  
  #####################
  
  Thanks,
  Mayuresh.