############################################################################## Wiccle Web Builder CMS and iWiccle CMS Community Builder Multiple Cross-Site Scripting Vulnerability. SecPod Technologies (www.secpod.com) Author Veerendra G.G ############################################################################### SecPod ID: 1005 09/07/2010 Issue Discovered 09/10/2010 Vendor Notified 09/13/2010 Vendor Confirmed 09/14/2010 Fix Available Class: Cross-Site Scripting Severity: Medium Overview: --------- Wiccle Web Builder CMS and iWiccle CMS Community Builder is prone to multiple Cross-Site Scripting Vulnerabilities. Technical Description: ---------------------- Wiccle Web Builder CMS and iWiccle CMS Community Builder is prone to multiple Cross-Site vulnerabilities because it fails to properly sanitize user-supplied input. NOTE: Vulnerability is exploitable, when magic_quotes_gpc is Off (magic_quotes_gpc = Off) 1) Input passed via the 'member_city' parameter to 'index.php' when 'module' is set to 'dating' and 'show' is set to 'member_search' is not properly verified before it is returned to the user. NOTE: This vulnerability exists only in Wiccle Web Builder CMS POC: * http:///wwb_101/index.php?module=dating&show=member_search&member_gender=male&member_country=all&member_city= http:///iwiccle_1211/index.php?module=articles&show=post_search&post_text= http:///wwb_101/index.php?module=blogs&show=post_search&post_text= http:///iwiccle_1211/index.php?module=blogs&show=post_search&post_text= http:///wwb_101/index.php?module=gallery&show=post_search&post_text= http:///iwiccle_1211/index.php?module=gallery&show=post_search&post_text= http:///wwb_101/index.php?module=news&show=post_search&post_text= http:///iwiccle_1211/index.php?module=news&show=post_search&post_text= http:///wwb_101/index.php?module=store&show=post_search&post_text= http:///wwb_101/index.php?module=video&show=post_search&post_text= http:///iwiccle_1211/index.php?module=video&show=post_search&post_text= http:///wwb_101/index.php?module=links&show=post_search&post_text= http:///iwiccle_1211/index.php?module=links&show=post_search&post_text= http:///wwb_101/index.php?module=events&show=post_search&post_text= http:///iwiccle_1211/index.php?index.php?module=events&show=post_search&post_text= http:///wwb_101/index.php?module=downloads&show=post_search&post_text= http:///wwb_101/index.php?module=guestbook&show=post_search&post_text= http:///wwb_101/index.php?module=help&show=post_search&post_text= http:///wwb_101/index.php?module=notebox&show=post_search&post_text= http:///wwb_101/index.php?module=polls&show=post_search&post_text= http:///wwb_101/index.php?module=portfolio&show=post_search&post_text= http:///wwb_101/index.php?module=support&show=post_search&post_text= Workaround: ----------- Not available Solution: --------- iWiccle CMS Community Builder 1.3.0 (iwiccle_130.zip) http://www.wiccle.com/news/backstage_news/iwiccle/post/iwiccle_cms_community_builder_130_releas Risk Factor: ------------- CVSS Score Report ACCESS_VECTOR = NETWORK ACCESS_COMPLEXITY = MEDIUM AUTHENTICATION = NONE CONFIDENTIALITY_IMPACT = NONE INTEGRITY_IMPACT = PARTIAL AVAILABILITY_IMPACT = NONE EXPLOITABILITY = PROOF_OF_CONCEPT REMEDIATION_LEVEL = UNAVAILABLE REPORT_CONFIDENCE = CONFIRMED CVSS Base Score = 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) Credits: -------- Veerendra G.G of SecPod Technologies has been credited with the discovery of this vulnerability.