exploit the possibilities

SITEFACT CMS 2.01 Cross Site Scripting

SITEFACT CMS 2.01 Cross Site Scripting
Posted May 25, 2015
Authored by Jing Wang

SITEFACT CMS version 2.01 suffers from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | dbae1c42fe42d98b8086d1c78c377ef2

SITEFACT CMS 2.01 Cross Site Scripting

Change Mirror Download
*SITEFACT CMS XSS (Cross-site Scripting) Web Security Vulnerabilities*


Exploit Title: SITEFACT CMS content.php? &id Parameter XSS Security
Vulnerabilities
Product: SITEFACT CMS (Content Management System)
Vendor: SITEFACT
Vulnerable Versions: version 2.01
Tested Version: version 2.01
Advisory Publication: May 24, 2015
Latest Update: May 24, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: *
Impact CVSS Severity (version 2.0):
CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)
Impact Subscore: 2.9
Exploitability Subscore: 8.6
Writer and Reporter: Wang Jing [School of Physical and Mathematical
Sciences (SPMS), Nanyang Technological University (NTU), Singapore]
(@justqdjing)





*Recommendation Details:*


*(1) Vendor & Product Description:*


*Vendor:*
SITEFACT



*Product & Vulnerable Versions:*
SITEFACT
version 2.01



*Vendor URL & Download:*
Product can be obtained from here,
http://www.sitefact.de/index.cfm?resid=1&res=1024&sid=2&skt=2279



*Google Dork:*
"Powered by SITEFACT"



*Product Introduction Overview:*
"Publish . Your content without any prior knowledge on the Internet
Numerous integrated tools are available . Images, documents and movies can
be provided with a click. We present yourself individually and
professionally to your CI and your wishes . About a layout interface design
can change at any time , or of course your own layout to be integrated. Our
content management system is designed for search engine indexing . You can
easily book your website for search engines like Google , Bing , Yahoo ,
... optimize .."

"By running his own web server , you do not need a provider and need to
install anything . Updates are performed automatically and for free . All
you need is a PC with Internet access. SITE FACT is a proprietary
development of Arvenia GmbH . Therefore, we can always realize your
individual wishes and integrate them into SITE FACT. If you need our
assistance , please contact our free support. With personal contact and
landline number during the entire runtime."




*(2) Vulnerability Details:*
SITEFACT web application has a computer cyber security bug problem. It can
be exploited by XSS attacks. This may allow a remote attacker to create a
specially crafted request that would execute arbitrary script code in a
user's browser session within the trust relationship between their browser
and the server.

Several other similar products 0-day vulnerabilities have been found by
some other bug hunter researchers before. SITEFACT has patched some of
them. The Full Disclosure mailing list is a public forum for detailed
discussion of vulnerabilities and exploitation techniques, as well as
tools, papers, news, and events of interest to the community. FD differs
from other security lists in its open nature and support for researchers'
right to decide how to disclose their own discovered bugs. The full
disclosure movement has been credited with forcing vendors to better secure
their products and to publicly acknowledge and fix flaws rather than hide
them. Vendor legal intimidation and censorship attempts are not tolerated
here! It also publishes suggestions, advisories, solutions details related
to XSS vulnerabilities and cyber intelligence recommendations.


*(2.1)* The first programming flaw occurs at "/index.cfm?" page with "&res"
"&skt" "&pid" parameters.


*(2.2)* The second programming flaw occurs at login domain "/index.cfm?"
page with "&sid" parameter.






*References:*
http://www.tetraph.com/security/xss-vulnerability/sitefact-cms-xss/
http://securityrelated.blogspot.com/2015/05/sitefact-cms-xss.html
http://www.inzeed.com/kaleidoscope/computer-security/sitefact-cms-xss/
http://seclists.org/fulldisclosure/2015/Mar/2
https://www.mail-archive.com/fulldisclosure%40seclists.org/msg02031.html
https://webtechwire.wordpress.com/2015/05/24/sitefact-cms-xss/
http://cxsecurity.com/issue/WLB-2015030073
http://whitehatpost.blog.163.com/blog/static/242232054201542474057982/
http://lists.openwall.net/full-disclosure/2015/05/08/7
http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1958





--
Jing Wang,
Division of Mathematical Sciences (MAS),
School of Physical and Mathematical Sciences (SPMS),
Nanyang Technological University (NTU),
Singapore.
http://www.tetraph.com/wangjing/
https://twitter.com/justqdjing


Login or Register to add favorites

File Archive:

January 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    2 Files
  • 2
    Jan 2nd
    0 Files
  • 3
    Jan 3rd
    20 Files
  • 4
    Jan 4th
    4 Files
  • 5
    Jan 5th
    37 Files
  • 6
    Jan 6th
    20 Files
  • 7
    Jan 7th
    4 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    0 Files
  • 10
    Jan 10th
    18 Files
  • 11
    Jan 11th
    8 Files
  • 12
    Jan 12th
    19 Files
  • 13
    Jan 13th
    31 Files
  • 14
    Jan 14th
    2 Files
  • 15
    Jan 15th
    2 Files
  • 16
    Jan 16th
    2 Files
  • 17
    Jan 17th
    18 Files
  • 18
    Jan 18th
    13 Files
  • 19
    Jan 19th
    15 Files
  • 20
    Jan 20th
    29 Files
  • 21
    Jan 21st
    12 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    17 Files
  • 25
    Jan 25th
    34 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close