Updates about YGN Ethical Hacker Group's Activities
Jcow CMS 4.2 <= | Cross Site Scripting
By YGN Ethical Hacker Group
1. OVERVIEW
Jcow CMS 4.2 and lower versions are vulnerable to Cross Site Scripting.
2. BACKGROUND
Jcow is a flexible Social Networking software written in PHP. It can help you to build a social network for your interests and passions, a member community for your existing website and a social networking site like Facebook/MySpace/Twitter.
3. VULNERABILITY DESCRIPTION
The parameter "g" is not properly sanitized upon submission to /index.php, which allows an attacker to conduct a Cross Site Scripting attack. This may allow an attacker to create a specially crafted URL that would execute arbitrary script code in a victim's browser.
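A log check for the request shape described above, as an added example that is not part of the original advisory: it flags access-log entries for /index.php whose "g" parameter decodes to quote or angle-bracket characters. The log format, the sample entries and the assumption that legitimate "g" values never contain those characters are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Request line of a common/combined access-log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Characters needed to close an attribute or open a tag.
# Assumption: legitimate "g" values never contain them.
MARKUP_RE = re.compile(r'[<>"\']')

def decode_fully(value, max_rounds=3):
    """Decode repeatedly so a re-encoded value (%253C) is still recognised."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_g(log_line):
    """Return the decoded "g" value when it carries markup, else None."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if not url.path.endswith("/index.php"):
        return None
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name == "g" and MARKUP_RE.search(decode_fully(value)):
            return decode_fully(value)
    return None

def scan(lines):
    """Return (line_number, decoded_g) for every flagged entry."""
    found = ((n, suspicious_g(line)) for n, line in enumerate(lines, start=1))
    return [(n, v) for n, v in found if v is not None]

# Constructed sample entries (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [26/Aug/2011:10:00:01 +0000] "GET /index.php?p=member/signup&g=abc123&onpost=1 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [26/Aug/2011:10:00:02 +0000] "GET /index.php?p=member/signup&g=%22%3E%3Cscript%3Ealert%28/XSS/%29%3C/script%3E&onpost=1 HTTP/1.1" 200 5188',
    '192.0.2.12 - - [26/Aug/2011:10:00:03 +0000] "GET /index.php?p=member/signup&g=%2522%253E HTTP/1.1" 200 5130',
    '192.0.2.13 - - [26/Aug/2011:10:00:04 +0000] "GET /themes/default/style.css?g=%3C HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: g={value!r}")
```

Access logs record only the query string, so a "g" value sent in a POST body is not visible to this check.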
4. VERSIONS AFFECTED
Jcow CMS 4.2 and lower
5. PROOF-OF-CONCEPT/EXPLOIT
File : /includes/libs/member.module.php:
Line 605:
http://[target]/index.php?p=member/signup&email=&username=&password=&fullname=&birthyear=1991&birthmonth=01&birthday=01&gender=0&location=Myanmar++&about_me=&recaptcha_challenge_field=03AHJ_Vuvk8U6zCeSdrjB0GPDuwaRP-tPJ2G7u3Nm5LpmVSGmZs_CIP9I_C0PYZ1zYY6F42zpzGKQkxSiUhhyu-QhhwZA6oTlLNntgAgmRkDjfZpu3j4-bMeQNpOVh1afb4fZ4qwaIxHpP1wL8-8-LgkEBE5auAFmF_w&recaptcha_response_field=&g=%22%3E%3Cscript%3Ealert%28/XSS/%29%3C/script%3E&onpost=1&agree_rules=1
6. SOLUTION
Upgrade to 4.3.1 or higher.
The commercial version 5.x.x is not vulnerable.
7. VENDOR
Jcow CMS Development Team
http://www.jcow.net
8. CREDIT
This vulnerability was discovered by Aung Khant, http://yehg.net, YGN Ethical Hacker Group, Myanmar.
9. DISCLOSURE TIME-LINE
2010-06-03: notified vendor
2010-06-03: vendor replied fix would be available within 48hrs
2011-08-24: vendor released fixed version, jcow.4.3.1.ce
2011-08-26: vulnerability disclosed
10. REFERENCES
Original Advisory URL: http://yehg.net/lab/pr0js/advisories/[jcow_4.2]_cross_site_scripting
Jcow CMS: http://sourceforge.net/projects/jcow/files/jcow4/jcow.4.2.1.zip/download
#yehg [2011-08-26]