exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

wityCMS 0.6.1 Cross Site Scripting

wityCMS 0.6.1 Cross Site Scripting
Posted May 28, 2018
Authored by Nathu Nandwani

wityCMS version 0.6.1 suffers from a cross site scripting vulnerability.

tags | exploit, xss
advisories | CVE-2018-11512
SHA-256 | cf35f62293a5c896e129d0813de47e7e5cdcf4189cc5ad8ec259e3deaca58794

wityCMS 0.6.1 Cross Site Scripting

Change Mirror Download
# Exploit Title: wityCMS 0.6.1 Persistent XSS on "Website's name" field
# Date: 05/28/2018
# Exploit Author: Nathu Nandwani
# Website: http://nandtech.co/
# Vendor Homepage: https://creatiwity.net/witycms
# Software Link: https://github.com/Creatiwity/wityCMS/releases/tag/0.6.1
# Version: 0.6.1
# Tested on: Windows 10 x64 (XAMPP, Chrome)
# CVE: CVE-2018-11512

*Description

A persistent/stored cross-site scripting (XSS) vulnerability in the "Website's name" field found in the "Settings" page under the "General" menu in Creatiwity wityCMS 0.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to admin/settings/general.

*Proof of Concept

1. Attacker logs in as an administrator of the site.
2. Attacker visits the Administrator page and clicks on the general options then settings menu.
3. Attacker enters the script below in the "Website's name" field:
<scri<script>pt>alert(1)</scri</script>pt>
Note: The "script" tag is being filtered but not recursively so having the first tag stripped off will still execute the one being combined.
3. Once the "Save" button is clicked, the payload will execute.
4. When an unauthenticated user visits the home page, the payload will also execute.

*Mitigation

See https://github.com/Creatiwity/wityCMS/commit/7967e5bf15b4d2ee6b85b56e82d7e1229147de44

Timeline

2018-05-27-Vulnerability reported to wityCMS development team
2018-05-27-CVE requested from mitre.org
2018-05-28-wityCMS development team acknowledges and will be pushing the fix for production on 0.6.2
2015-05-28-CVE published by mitre: https://twitter.com/CVEnew/status/1001093385929805831

Login or Register to add favorites

File Archive:

July 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    52 Files
  • 2
    Jul 2nd
    0 Files
  • 3
    Jul 3rd
    0 Files
  • 4
    Jul 4th
    11 Files
  • 5
    Jul 5th
    0 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close