CompactCMS 1.4.1 Cross Site Scripting / File Disclosure

CompactCMS 1.4.1 Cross Site Scripting / File Disclosure: Posted Jan 15, 2011; Authored by NLSecurity; CompactCMS version 1.4.1 suffers from cross site scripting and file disclosure vulnerabilities.; tags | exploit, vulnerability, xss, info disclosure; SHA-256 | fb1a94c42460186a7c3e32281f2b7f8e2203caecc924c1b4c07593d3db5a2549; Download | Favorite | View

CompactCMS 1.4.1 Cross Site Scripting / File Disclosure

# Exploit Title: CompactCMS 1.4.1 Multiple Vulnerabilities
# Google Dork:   intext:"Maintained with CompactCMS.nl" intitle:"Print: *"
# Date:          17-12-2010
# Author:        NLSecurity
# Software Link: http://files.compactcms.nl/stable/
# Version:       CompactCMS 1.4.1
# Credits:       http://www.nlsecurity.org/
# Extra:         irc.6667.eu  #main
 
Description:
 
CompactCMS 1.4.1 has multiple XSS and File Disclosure vulnerabilities. These file disclosures will
appear if the users have access to view open directories.
 
--- File Disclosures ---
 
/admin/includes/modules/backup-restore/
/admin/includes/modules/backup-restore/content-owners/
/admin/includes/modules/backup-restore/module-management/
/admin/includes/modules/backup-restore/permissions/
/admin/includes/modules/backup-restore/template-editor/
/admin/includes/modules/backup-restore/user-management/
 
/admin/includes/fancyupload/
/admin/includes/fancyupload/Assets/
/admin/includes/fancyupload/Assets/Icons/
 
/admin/includes/fancyupload/Backend/
/admin/includes/fancyupload/Backend/Assets/
/admin/includes/fancyupload/Backend/Assets/getid3/
 
/admin/includes/fancyupload/Language/
/admin/includes/fancyupload/Source/
/admin/includes/fancyupload/Source/Uploader/
 
/admin/includes/edit_area/
/admin/includes/edit_area/images/
/admin/includes/edit_area/langs/
/admin/includes/edit_area/reg_syntax/
 
/admin/img/mochaui/
/admin/img/styles/
/admin/img/uploader/
 
/_docs/
 
... Perhaps more, but this should give an idea. :-)
 
--- Cross-Site Scripting Vulnerabilities (XSS) ---
 
/afdrukken.php?page=">[XSS]
 
This can be found on line 48:
<strong><a href="<?php echo $ccms['rootdir'];?><?php echo ($_GET['page']!=$cfg['homepage'])?$_GET['page'].'.html':null; ?>"><?php echo $ccms['lang']['system']['tooriginal']; ?></a></strong>
Vuln: $_GET['page']
 
---
 
/admin/includes/modules/permissions/permissions.Manage.php?status=notice&msg=[XSS]
 
This can be found on line 62:
<?php if(isset($_GET['msg'])) { echo '<span class="ss_sprite ss_confirm">'.$_GET['msg'].'</span>'; } ?>
Vuln: $_GET['msg']
 
---
 
/lib/includes/auth.inc.php
Username input field (userName) has an XSS vulnerability when using POST data.
 
This can be found on line 119:
<label for="userName"><?php echo $ccms['lang']['login']['username']; ?></label><input type="text" class="alt title" autofocus placeholder="username" name="userName" style="width:300px;" value="<?php echo (!empty($_POST['userName'])?$_POST['userName']:null);?>" id="userName" />
Vuln: $_POST['userName']

Top Authors In Last 30 Days

Red Hat 210 files
Ubuntu 64 files
Debian 27 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
Ersin Erenler 4 files
E1.Coders 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

CompactCMS 1.4.1 Cross Site Scripting / File Disclosure

CompactCMS 1.4.1 Cross Site Scripting / File Disclosure

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

CompactCMS 1.4.1 Cross Site Scripting / File Disclosure

Share This

CompactCMS 1.4.1 Cross Site Scripting / File Disclosure

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems