exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Elxis CMS 2009.3 Aphrodite Cross Site Scripting

Elxis CMS 2009.3 Aphrodite Cross Site Scripting
Posted Dec 5, 2011
Authored by Ewerson Guimaraes | Site dclabs.com.br

Elxis CMS version 2009.3 Aphrodite suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 2b7473b579ddcea15d73a3c7e023c99523982c32b11bf13f08a0b4a39ab86ab3

Elxis CMS 2009.3 Aphrodite Cross Site Scripting

Change Mirror Download
[Discussion]

- DcLabs Security Research Group advises about the following vulnerability(ies):

[Software]

- Elxis CMS

[Vendor Product Description]

- Elxis is powerful open source content management system (CMS)
released for free under the GNU/GPL license. It has unique
multi-lingual features, it follows W3C standards, it is secure,
flexible, easy to use, and modern. The development team, Elxis Team,
paid extra attention to the optimization of the CMS for the search
engines and this lead to high performance of all elxis powered web
sites and to high ranking in search engines results.


- Site: http://www.elxis.org/

[Advisory Timeline]

- 11/22/2011 -> First Contact requesting security department contact;
- 11/22/2011 -> Vendor responded;
- 11/23/2011 -> Advisory sent to vendor;
- 11/23/2011 -> Vendor reply, fix the bug, release  patch and
coordinate to publish.
- 12/05/2011 -> Published.

[Bug Summary]

- Persistent/Stored Cross-Site Scripting (XSS) (The cms admin can edit
user contact info with XSS codes)

- Non-Persistent Cross-Site Scripting (XSS)

[Impact]

- High

[Affected Version]

- Elxis 2009.3 aphrodite


[Bug Description and Proof of Concept]

- Exploiting the HTML-injection issue allows an attacker to execute
HTML and Java Script code in the remote user context to steal
cookie-based authentication credentials or to control how the site is
rendered to the user; other attacks may also be possible.

- Moreover, Cross Site Scripting (XSS) vulnerabilities are caused due
to lack of input validation. This allows malicious people to inject
arbitrary HTML and script code. More info at:
http://en.wikipedia.org/wiki/Cross-site_scripting

POC

/elxis/index.php?id=3&Itemid=9&option=com_content&task=%22%20onmouseover%3dprompt%28dclabs%29%20dcl%3d%22

/elxis/administrator/index.php/%22onmouseover=prompt(dclabs)%3E


All flaws described here were discovered and researched by:

Ewerson Guimaraes aka Crash
DcLabs Security Research Group
crash (at) dclabs <dot> com <dot> br

[Patch(s) / Workaround]

http://forum.elxis.org/index.php?PHPSESSID=v9i7kgmmb2554ldmlcmbj32ugjd0ngpc&topic=5144.msg43327#msg43327

[Greetz]
DcLabs Security Research Group.

--
Ewerson Guimaraes (Crash)
Pentester/Researcher
DcLabs Security Team
www.dclabs.com.br
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close