TUCoPS :: Web :: CMS / Portals :: tb11204.htm

WmsCMS < = 2.0 Multiple XSS Vulnerabilities
WmsCMS < = 2.0 Multiple XSS Vulnerabilities
WmsCMS < = 2.0 Multiple XSS Vulnerabilities


Application:  WmsCMS

Vendors Url: http://www.web-master.biz 

Bug Type:     Multiple URL Handling Remote Cross-Site Scripting Vulnerabilities

Exploitation: Remote

Severity: Less Critical 

Solution Status: Unpatched 

Introduction: WmsCMS is a web-based CMS system

Google Dork:  "Powered by WMS-CMS"

Affected Versions WmsCMS <= 2.0


Description:

User-supplied input passed via the URL is not properly sanitised before it is being returned to the user in index.php?pageid=. This can be exploited to execute arbitrary script code in the security context of an affected website, as a result the code will be able to access any of the target user's cookies, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.


PoC:

[XSS">http://[target]/4print.asp?p=60&sbl=>">[XSS] 
[XSS">http://[target]/4print.asp?p=60&sbr=>">[XSS] 






action="http://[target]/default.asp?p=60&sbl=20&sbr=1" method="post"> 










Solution:

There was no vendor-supplied solution at the time of entry.

Edit source code manually to ensure user-supplied input is correctly sanitised.

Filter malicious characters and character sequences via a HTTP proxy or firewall with URL filtering capabilities.


Credits:

Glafkos Charalambous
glafkos (at) infosec (dot) org (dot) uk

Information Security Uncensored
InfoSEC.org.uk

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH