Title:
======
Content Papst CMS v2011.2 - Multiple Web Vulnerabilities


Date:
=====
2011-12-18


References:
===========
http://www.vulnerability-lab.com/get_content.php?id=363


VL-ID:
=====
363


Introduction:
=============
Contentpapst is a powerful and very flexible content management system (CMS) designed especially for
small and medium-sized businesses, public authorities and organizations. With the Contentpapst CMS you
manage your company homepage, your club website, etc. entirely via the browser from now on, without
additional software!

(Copy of the Vendor Homepage: http://www.sandoba.de/produkte/cms-contentpapst/)


Abstract:
=========
Vulnerability Laboratory Research Team discovered multiple web vulnerabilities in the Content Papst CMS v2011.2


Report-Timeline:
================
2011-12-18: Public or Non-Public Disclosure


Status:
========
Published


Exploitation-Technique:
=======================
Remote


Severity:
=========
Medium


Details:
========
1.1
Multiple persistent input validation vulnerabilities are detected in the famous Content Papst v2011.2
Content Management System. The vulnerability allows a remote attacker or a local low-privileged cp user
account to inject their own malicious script code on the application side (persistent) of the web service.
Successful exploitation of the vulnerability can result in persistent content manipulation of the
vulnerable modules, phishing & session hijacking.

Vulnerable Module(s):
        [+] Categorie => Titel/Beschreibung/Permalink
        [+] Links => Titel/URL/Beschreibung
        [+] Artikel-Categorie => Titel/Beschreibung/Permalink
        [+] Artikel => Titel/Beschreibung/Permalink
        [+] News => Name/Beschreibung/URL

Picture(s):
        ../1.png
        ../2.png


1.2
Multiple non-persistent cross site scripting vulnerabilities are detected in the famous Content Papst v2011.2
Content Management System. The vulnerability allows a remote attacker to hijack
customer/admin/moderator/user accounts via cross site scripting. Successful exploitation of the
vulnerability can result in account theft & client-side content manipulation on requests.

Vulnerable Module(s):
        [+] Dateiverwaltung - Topic [Name, Path & Folder]
        [+] News - Search Parameter

Picture(s):
        ../3.png


1.3
An information/path disclosure issue is detected in the famous Content Papst v2011.2 Content Management
System. A malformed regular expression causes an error output that shows remote attackers sensitive
information via a path error.

Vulnerable Module(s):
        [+] Search File Overview


--- Exception Logs ---
Warning: preg_match() [function.preg-match]: No ending delimiter \/ found in /kunden/282246_12XXX/cms-test.com/demoversion/modules/upload/class.admin.php on line 563
Warning: preg_match() [ 3 hacker23 >"
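
A hardened form of the kind of file-search filter behind the 1.3 warning, as an added PHP example that is not Contentpapst's code. The function name `filter_files`, the 128-character limit and the sample data are assumptions, the unsafe form in the comment is an assumed cause, and `preg_last_error_msg()` requires PHP 8.

```php
<?php
// Added example: hypothetical file-search filter, not code from Contentpapst.
declare(strict_types=1);

// Keep PHP diagnostics (which include absolute server paths) out of HTTP
// responses; write them to the server log instead.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

/**
 * Return the entries of $names that contain $term, case-insensitively.
 *
 * Assumed unsafe form: '/' . $term . '/i', where the untrusted term is parsed
 * as regex syntax and can leave the pattern without a closing delimiter.
 * preg_quote() escapes regex metacharacters and the "/" delimiter, so the
 * term is always matched as literal text.
 */
function filter_files(array $names, string $term): array
{
    if ($term === '' || strlen($term) > 128) {
        return [];
    }
    $pattern = '/' . preg_quote($term, '/') . '/iu';

    $hits = [];
    foreach ($names as $name) {
        $result = preg_match($pattern, $name);
        if ($result === false) {
            // For example invalid UTF-8 under the /u modifier: log the reason
            // server-side and give the client a generic empty result.
            error_log('file search: regex error: ' . preg_last_error_msg());
            return [];
        }
        if ($result === 1) {
            $hits[] = $name;
        }
    }
    return $hits;
}

// Constructed sample names and search terms containing regex metacharacters.
$files = ['report.pdf', 'a/b.txt', 'notes\\', 'logo(1).png'];
foreach (['.pdf', 'a/b', '\\', '(1)'] as $term) {
    printf("%-5s => %s\n", $term, implode(', ', filter_files($files, $term)));
}
```

Each constructed term matches exactly one sample name, and no PHP warning text or file path reaches the response.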