Jump to content

Search the Community

Showing results for tags 'underlaying'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Informatii generale
    • Anunturi importante
    • Bine ai venit
    • Proiecte RST
  • Sectiunea tehnica
    • Exploituri
    • Challenges (CTF)
    • Bug Bounty
    • Programare
    • Securitate web
    • Reverse engineering & exploit development
    • Mobile security
    • Sisteme de operare si discutii hardware
    • Electronica
    • Wireless Pentesting
    • Black SEO & monetizare
  • Tutoriale
    • Tutoriale in romana
    • Tutoriale in engleza
    • Tutoriale video
  • Programe
    • Programe hacking
    • Programe securitate
    • Programe utile
    • Free stuff
  • Discutii generale
    • RST Market
    • Off-topic
    • Discutii incepatori
    • Stiri securitate
    • Linkuri
    • Cosul de gunoi
  • Club Test's Topics
  • Clubul saraciei absolute's Topics
  • Chernobyl Hackers's Topics
  • Programming & Fun's Jokes / Funny pictures (programming related!)
  • Programming & Fun's Programming
  • Programming & Fun's Programming challenges
  • Bani pă net's Topics
  • Cumparaturi online's Topics
  • Web Development's Forum
  • 3D Print's Topics

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Website URL


Yahoo


Jabber


Skype


Location


Interests


Occupation


Interests


Biography


Location

Found 1 result

  1. Advisory: Reflecting XSS vulnerabitlies, unrestricted file upload and underlaying CSRF in Landsknecht Adminsystems CMS v. 4.0.1 (DEV, beta version) Advisory ID: SROEADV-2015-14 Author: Steffen Rösemann Affected Software: Landsknecht Adminsystems CMS v. 4.0.1 (DEV, beta version) Vendor URL: https://github.com/kneecht/adminsystems Vendor Status: will be patched CVE-ID: - ========================== Vulnerability Description: ========================== Landsknecht Adminsystems CMS v. 4.0.1 (DEV, beta version) suffers from reflecting XSS- , unrestricted file-upload and an underlaying CSRF-vulnerability. ================== Technical Details: ================== The content management system Landsknecht Adminsystems v. 4.0.1, which is currently in beta development stage, suffers from reflecting XSS-vulnerabilities, a unrestricted file-upload and an underlaying CSRF-vulnerability. ================== Reflecting XSS-vulnerabilities ================== A reflecting XSS vulnerability can be found in the index.php and can be abused via the vulnerable "page"-parameter. See the following example, including exploit-example: http:// {TARGET}/index.php?page=home%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E?=de%27 Another reflecting XSS vulnerability can be found in the system.php-file and can be exploited via the vulnerable "id" parameter: http:// {TARGET}/asys/site/system.php?action=users_users&mode=edit&id=1%22%3E%3Cscript%3Ealert%281%29%3C/script%3E ============================ Unrestricted file-upload / Underlaying CSRF ============================ Registered users and administrators are able to upload arbitrary files via the following upload-form, located here: http://{TARGET}/asys/site/files.php?action=upload&path=/ As there seems not be an existing permission-model, users can read/execute files an administrator/user uploaded and vice versa. This issue includes an underlaying CSRF-vulnerability, as a user is able to upload a malicious file and trick another user or the administrator into visiting the link to the file. All files get uploaded here without being renamed: http://{TARGET}/upload/files/{UPLOADED_FILE} ========= Solution: ========= The vendor has been notified. He will provide a fix for the vulnerabilities to prevent people who might use it from being attacked, although he would not recommend using the CMS because it is in its beta stage. ==================== Disclosure Timeline: ==================== 30-Jan-2015 – found the vulnerabilities 30-Jan-2015 - informed the developers (see [3]) 30-Jan-2015 – release date of this security advisory [without technical details] 30-Jan-2015 - forked Github repository of Adminsystems v. 4.0.1 to keep it available for other security researchers (see [4]) 12-Feb-2015 - release date of this security advisory 12-Feb-2015 - vendor will patch the vulnerabilities 12-Feb-2015 - send to FullDisclosure ======== Credits: ======== Vulnerability found and advisory written by Steffen Rösemann. =========== References: =========== [1] https://github.com/kneecht/adminsystems [2] http://sroesemann.blogspot.de/2015/01/sroeadv-2015-14.html [3] https://github.com/kneecht/adminsystems/issues/1 [4] https://github.com/sroesemann/adminsystems Source
×
×
  • Create New...