what you don't know can hurt you

WonderCMS 0.9.8 Cross Site Scripting

WonderCMS 0.9.8 Cross Site Scripting
Posted Nov 22, 2016
Authored by Manuel Garcia Cardenas

WonderCMS versions 0.9.8 and below suffer from a cross site scripting vulnerability.

tags | exploit, xss
MD5 | e2a28c660515d898832111ca2eeae753

WonderCMS 0.9.8 Cross Site Scripting

Change Mirror Download
=============================================
MGC ALERT 2016-006
- Original release date: Nov 16, 2016
- Last revised: Nov 21, 2016
- Discovered by: Manuel Garcia Cardenas
- Severity: 4,8/10 (CVSS Base Score)
=============================================

I. VULNERABILITY
-------------------------
Reflected XSS in WonderCMS <= v0.9.8

II. BACKGROUND
-------------------------
WonderCMS is a simple, small & secure flat file CMS.

III. DESCRIPTION
-------------------------
Has been detected a reflected XSS vulnerability in WonderCMS, that allows
the execution of arbitrary HTML/script code to be executed in the context
of the victim user's browser.

The code injection is done through the parameter "page" in the page
"editinplace.php".

IV. PROOF OF CONCEPT
-------------------------
Malicious Request:
/wonder/js/editinplace.php?page=<XSS injection>

Example:
/wonder/js/editinplace.php?page=<script>alert(1)</script>

V. BUSINESS IMPACT
-------------------------
An attacker can execute arbitrary HTML or script code in a targeted user's
browser, this can leverage to steal sensitive information as user
credentials, personal data, etc.

VI. SYSTEMS AFFECTED
-------------------------
WonderCMS <= v0.9.8

VII. SOLUTION
-------------------------
Update to 0.9.9 version

VIII. REFERENCES
-------------------------
https://wondercms.com/

IX. CREDITS
-------------------------
This vulnerability has been discovered and reported
by Manuel Garcia Cardenas (advidsec (at) gmail (dot) com).

X. REVISION HISTORY
-------------------------
Nov 16, 2016 1: Initial release
Nov 21, 2016 2: Last revision

XI. DISCLOSURE TIMELINE
-------------------------
Nov 16, 2016 1: Vulnerability acquired by Manuel Garcia Cardenas
Nov 16, 2016 2: Send to vendor
Nov 20, 2016 3: New version that includes patched code
https://wondercms.com/forum/viewtopic.php?f=8&t=761
Nov 21, 2016 4: Sent to lists

XII. LEGAL NOTICES
-------------------------
The information contained within this advisory is supplied "as-is" with no
warranties or guarantees of fitness of use or otherwise.

XIII. ABOUT
-------------------------
Manuel Garcia Cardenas
Pentester


Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

February 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    1 Files
  • 2
    Feb 2nd
    2 Files
  • 3
    Feb 3rd
    17 Files
  • 4
    Feb 4th
    15 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    16 Files
  • 7
    Feb 7th
    19 Files
  • 8
    Feb 8th
    1 Files
  • 9
    Feb 9th
    2 Files
  • 10
    Feb 10th
    15 Files
  • 11
    Feb 11th
    20 Files
  • 12
    Feb 12th
    12 Files
  • 13
    Feb 13th
    18 Files
  • 14
    Feb 14th
    17 Files
  • 15
    Feb 15th
    4 Files
  • 16
    Feb 16th
    4 Files
  • 17
    Feb 17th
    34 Files
  • 18
    Feb 18th
    15 Files
  • 19
    Feb 19th
    19 Files
  • 20
    Feb 20th
    20 Files
  • 21
    Feb 21st
    15 Files
  • 22
    Feb 22nd
    2 Files
  • 23
    Feb 23rd
    2 Files
  • 24
    Feb 24th
    16 Files
  • 25
    Feb 25th
    37 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close