SocialCMS <= 1.0.2 XSS (Persistent and Reflected) Vulnerabilities

Posted on March 30, 2012 by admin_24

SocialCMS 1.0.2 (and lower) is prone to a persistent XSS vulnerability due to an improper input sanitization of “TR_title” parameter, passed to “my_admin/admin1_list_pages.php” via http POST method. Exploiting this vulnerability an authenticated user – which is able to publish an article – could insert arbitrary code in web management interface “Title” field – under “my_admin/admin1_list_pages.php?id=<page_id>&action=edit” – that will be executed when an administrator – or another user – will browse that web page.

Improper input sanitization of “TR_title” parameter causes also a Reflected XSS for the user which inserts html/javascript code.

MITRE CVE Numbering Authority assigned me CVE-2012-1982 for this vulnerability.

To view my Original Advisory:
SocialCMS 1.0.2 XSS (Persistent and Reflected) Advisory

Simple Php Agenda <= 2.2.8 Multiple CSRF Vulnerabilities

Posted on March 28, 2012 by admin_24

Simple Php Agenda 2.2.8 (and lower) is affected by a CSRF Vulnerability which allows an attacker to add a new administrator, delete an existing administrator, create/delete a new event and change any other parameters. In this document I will only demonstrate how to:
- add a new administrator
- delete a existing administrator
- add a new event
- delete an existing event.
Other parameters can be also modified.

To view my Original Advisory:
Simple PHP Agenda 2.2.8 Multiple CSRF Advisory

MITRE CVE Numbering Authority for this vulnerability assigned me CVE-2012-1978

Wolfcms <= 0.75 Multiple Vulnerabilities

Posted on March 22, 2012 by admin_24

Wolfcms 0.75 (and lower) is prone to multiple CSRF vulnerabilities that allow to delete admin/user, delete web pages, delete “images” and “themes” directory, force logout when an authenticated admin/user browses a special crafted web page.
This cms is also affected by XSS vulnerabilities in “wolfcms/admin/user/add” pages due to an improper input sanitization of “user[name]“, “user[email]” and “user[username]” parameters passed via POST http method.

To view my Original Advisory:
Wolfcms 0.75 Multiple Vulnerabilities (CSRF-XSS)

FlexCMS Multiple CSRF Vulnerabilities

Posted on March 16, 2012 by admin_24

FlexCMS 3.2.1(latest version) suffers from multiple CSRF vulnerabilities which could allow an attacker to change any parameters when an authenticated user/admin browses a special crafted web page. In this Advisory I’ve only demonstrate how to change settings of user “demo” (is default user of demo page) and also I’ve created a new web page.

To read more about them you can download my Original Advisory.

MITRE CVE Numbering Authority assigned me CVE-2012-1901 for this vulnerability,

Other related publications:

Offensive Security Exploit-DB
NIST – National Vulnerability Database
Inj3ct0r
Packet Storm
Secunia Advisory SA48451
Kaspersky Lab Advisory
OSVDB
IBM X-Force

Kaspersky Lab – Webfolio CMS Vulnerability

Posted on February 29, 2012 by admin_24

Kaspersky Lab published my new Advisory regarding a new vulnerability which affects all versions of Webfolio CMS.

For read Kaspersky Lab’s Advisory:
http://www.securelist.com/en/advisories/48190

For read my Original Advisory:
http://ivanobinetti.blogspot.com/2012/02/webfoliocms-114-csrf-add-adminmodify.html

ContaoCMS (fka TYPOlight) 2.11 CSRF (Delete Admin- Delete Article)

Posted on February 27, 2012 by admin_24

ContaoCMS (fka TYPOlight) 2.11 version (and lower) in affected by a CSRF vulnerability which allows to delete administrator/users, delete article, news, newsletter and so on.
I’ve created an Advisory describing this vulnerability and the methods to exploit it:
ContaoCMS Ivano Binetti’s Advisory

Other web sites have reported my security Advisory:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1297
http://osvdb.org/show/osvdb/79635
http://packetstormsecurity.org/files/110214/ContaoCMS-2.11.0-Cross-Site-Request-Forgery.html
http://www.exploit-db.com/exploits/18527/
http://secunia.com/advisories/48180/
http://www.securelist.com/en/advisories/48180
http://xforce.iss.net/xforce/xfdb/73479
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1297
https://bugs.launchpad.net/bugs/cve/2012-1297
http://cxsecurity.com/cveshow/CVE-2012-1297/
http://www.cvedetails.com/cve/CVE-2012-1297/

Kaspersky Lab published my ForkCMS 3.2.6 Advisory

Posted on February 26, 2012 by admin_24

Today Kaspersky Lab (http://www.securelist.com/) published my ForkCMS 3.2.6 vulnerability.
For more details:
http://www.securelist.com/en/advisories/48067

Ivano Binetti

Personal Blog

Category Archives: Kaspersky Lab