exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

CMS Pylot Cross Site Request Forgery / Cross Site Scripting

CMS Pylot Cross Site Request Forgery / Cross Site Scripting
Posted Dec 29, 2014
Authored by MustLive

CMS Pylot suffers from cross site request forgery and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | 01f1a45be6f858d68cb4c7a7728eab0c21996ae492e868a252d83abe5edbf83a

CMS Pylot Cross Site Request Forgery / Cross Site Scripting

Change Mirror Download
Hello list!

These are Cross-Site Scripting and Cross-Site Request Forgery
vulnerabilities in CMS Pylot ("Ïèëîò" on Russian).

It's Ukrainian commercial CMS from Delta-X.

-------------------------
Affected products:
-------------------------

Vulnerable are all versions of CMS Pylot.

Developers from Delta-X haven't answered and haven't fixed these
vulnerabilities.

----------
Details:
----------

Cross-Site Scripting (WASC-08):

Example of XSS for IE:

http://site/index_admin_login.php?return_path=%27%22%20style=xss:expression(alert(document.cookie))%201

Cross-Site Request Forgery (WASC-09):

http://site/index_admin_login.php

Lack of protection in login form, such as captcha, leads to possibility of
conducting CSRF attacks, which I wrote about in the article Attacks on
unprotected login forms
(http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2011-April/007773.html).
It allows to conduct remote login. But the from isn't vulnerable to Brute
Force, since captcha appears after the first attempt.

Also it can be used for redirection. For these attacks it's needed to have
working login and password:

------------
Timeline:
------------

2014.08.02 - announced at my site.
2014.08.09 - informed developers.
2014.08.12 - informed developers again.
2014.12.26 - disclosed at my site (http://websecurity.com.ua/7292/).

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
Login or Register to add favorites

File Archive:

June 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    0 Files
  • 2
    Jun 2nd
    0 Files
  • 3
    Jun 3rd
    18 Files
  • 4
    Jun 4th
    21 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    57 Files
  • 7
    Jun 7th
    6 Files
  • 8
    Jun 8th
    0 Files
  • 9
    Jun 9th
    0 Files
  • 10
    Jun 10th
    12 Files
  • 11
    Jun 11th
    27 Files
  • 12
    Jun 12th
    38 Files
  • 13
    Jun 13th
    16 Files
  • 14
    Jun 14th
    14 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    16 Files
  • 18
    Jun 18th
    26 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close