YEKTA WEB Academic Web Tools CMS Multiple XSS



============================================ IUT-CERT ============================================

 Title: Academic Web Tools CMS Multiple XSS
 Vendor: www.yektaweb.com
 Vulnerable Version: 1.5.7 and prior
 Type: XSS
 Fix: N/A
 Dork: AWT YEKTA

============================================ nsec.ir ============================================

Description:
------------------

	YEKTAWEB Academic Web Tools is a Persian Content Management System (CMS) for managing university
	affairs such as conferences, journals, etc.
	The built-in filter of this package cannot prevent XSS attacks on some parameters.

Vulnerabilities:
------------------

	1- Cross Site Scripting (XSS) in "/page.php" in "sid", "logincase" and "redirect" parameters.
http://yoursite/page.php?sid=[XSS]
http://yoursite/page.php?logincase=[XSS]
http://yoursite/page.php?redirect=[XSS]

	2- Cross Site Scripting (XSS) in "/page_arch.php" in "sid", "logincase" and "redirect" parameters.
http://yoursite/page_arch.php?sid=[XSS]
http://yoursite/page_arch.php?logincase=[XSS]
http://yoursite/page_arch.php?redirect=[XSS]

	3- Cross Site Scripting (XSS) in "/login.php" in "sid", "logincase" and "redirect" parameters.
http://yoursite/login.php?sid=[XSS]
http://yoursite/login.php?logincase=[XSS]
http://yoursite/login.php?redirect=[XSS]

	4- Cross Site Scripting (XSS) in "/download.php" in "sid", "logincase" and "redirect" parameters.
http://yoursite/login.php?sid=[XSS]
http://yoursite/login.php?logincase=[XSS]
http://yoursite/login.php?redirect=[XSS]

Exploit/PoC:
------------------

Example:
http://yoursite/login.php?slct_pg_id=53&sid=1*/-->&slc_lang=fa
http://yoursite/page_arch.php?slc_lang=fa&sid=1&logincase=*/-->
http://yoursite/page.php?sid=1&slc_lang=en&redirect=*/-->

Solution:
------------------

	The input validation filter should be patched.

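With no vendor fix listed, one way to triage web-server access logs for requests that carry markup-breaking characters in the affected parameters (an added example, not part of the original advisory; the combined log format, the BREAKOUT pattern and the sample log lines are assumptions constructed for illustration):

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Scripts and parameters named in the advisory.
SCRIPTS = {"/page.php", "/page_arch.php", "/login.php", "/download.php"}
PARAMS = {"sid", "logincase", "redirect"}
# Sequences that break out of an HTML or script context (assumed pattern, not the vendor's filter).
BREAKOUT = re.compile(r"""[<>"'`]|\*/|javascript:""", re.IGNORECASE)
# Request line as written in common/combined log format.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample access-log lines (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /page.php?sid=12&slc_lang=fa HTTP/1.1" 200 5120',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /login.php?slct_pg_id=53&sid=1*/--%3E&slc_lang=fa HTTP/1.1" 200 4801',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /awt/page_arch.php?slc_lang=fa&sid=1&logincase=%252A%252F--%253E HTTP/1.1" 200 4930',
    '192.0.2.13 - - [01/Jan/2024:10:00:12 +0000] "GET /index.php?redirect=%3Cb%3E HTTP/1.1" 200 300',
]

def decode_fully(value, rounds=3):
    """Undo repeated URL-encoding (e.g. %253C) for a bounded number of rounds."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(log_line):
    """Return [(script, param, decoded_value)] for flagged parameters in one log line."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    # Match on the last path segment so installs in a subdirectory are covered.
    script = "/" + url.path.rsplit("/", 1)[-1].lower()
    if script not in SCRIPTS:
        return []
    hits = []
    for name, raw in parse_qsl(url.query, keep_blank_values=True):
        value = decode_fully(raw)
        if name.lower() in PARAMS and BREAKOUT.search(value):
            hits.append((script, name.lower(), value))
    return hits

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        for hit in suspicious_params(line):
            print(hit)
```
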
Credit:
------------------
Isfahan University of Technology - Computer Emergency Response Team
Thanks to: M. R. Faghani, N. Fathi, E. Aerabi, E. Jafari
