Full Disclosure mailing list archives
XSS and CSRF vulnerabilities in CMS Pylot
From: "MustLive" <mustlive () websecurity com ua>
Date: Sun, 28 Dec 2014 23:56:34 +0200
Hello list!These are Cross-Site Scripting and Cross-Site Request Forgery vulnerabilities in CMS Pylot ("Пилот" on Russian).
It's Ukrainian commercial CMS from Delta-X. ------------------------- Affected products: ------------------------- Vulnerable are all versions of CMS Pylot.Developers from Delta-X haven't answered and haven't fixed these vulnerabilities.
---------- Details: ---------- Cross-Site Scripting (WASC-08): Example of XSS for IE: http://site/index_admin_login.php?return_path=%27%22%20style=xss:expression(alert(document.cookie))%201 Cross-Site Request Forgery (WASC-09): http://site/index_admin_login.phpLack of protection in login form, such as captcha, leads to possibility of conducting CSRF attacks, which I wrote about in the article Attacks on unprotected login forms (http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2011-April/007773.html). It allows to conduct remote login. But the from isn't vulnerable to Brute Force, since captcha appears after the first attempt.
Also it can be used for redirection. For these attacks it's needed to have working login and password:
------------ Timeline: ------------ 2014.08.02 - announced at my site. 2014.08.09 - informed developers. 2014.08.12 - informed developers again. 2014.12.26 - disclosed at my site (http://websecurity.com.ua/7292/). Best wishes & regards, MustLive Administrator of Websecurity web sitehttp://websecurity.com.ua
_______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- XSS and CSRF vulnerabilities in CMS Pylot MustLive (Dec 28)