Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

XSS and CSRF vulnerabilities in CMS Pylot

From: "MustLive" <mustlive () websecurity com ua>
Date: Sun, 28 Dec 2014 23:56:34 +0200
Hello list!
These are Cross-Site Scripting and Cross-Site Request Forgery vulnerabilities in CMS Pylot ("Пилот" on Russian). 

It's Ukrainian commercial CMS from Delta-X.

-------------------------
Affected products:
-------------------------

Vulnerable are all versions of CMS Pylot.
Developers from Delta-X haven't answered and haven't fixed these vulnerabilities. 

----------
Details:
----------

Cross-Site Scripting (WASC-08):

Example of XSS for IE:

http://site/index_admin_login.php?return_path=%27%22%20style=xss:expression(alert(document.cookie))%201

Cross-Site Request Forgery (WASC-09):

http://site/index_admin_login.php
Lack of protection in login form, such as captcha, leads to possibility of conducting CSRF attacks, which I wrote about in the article Attacks on unprotected login forms (http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2011-April/007773.html). It allows to conduct remote login. But the from isn't vulnerable to Brute Force, since captcha appears after the first attempt.
Also it can be used for redirection. For these attacks it's needed to have working login and password: 

------------
Timeline:
------------

2014.08.02 - announced at my site.
2014.08.09 - informed developers.
2014.08.12 - informed developers again.
2014.12.26 - disclosed at my site (http://websecurity.com.ua/7292/).

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua 

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
Previous By Date Next
Previous By Thread Next

Current thread: