SITEFACT CMS XSS (Cross-site Scripting) Web Security Vulnerabilities

sitefact_xss2

 

SITEFACT CMS XSS (Cross-site Scripting) Web Security Vulnerabilities

 

Exploit Title: SITEFACT CMS content.php? &id Parameter XSS Security Vulnerabilities

Product: SITEFACT CMS (Content Management System)

Vendor: SITEFACT

Vulnerable Versions: version 2.01

Tested Version: version 2.01

Advisory Publication: May 24, 2015

Latest Update: May 24, 2015

Vulnerability Type: Cross-Site Scripting [CWE-79]

CVE Reference: *

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)

Impact Subscore: 2.9

Exploitability Subscore: 8.6

CVSS Version 2 Metrics:

Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism

Access Complexity: Medium

Authentication: Not required to exploit

Impact Type: Allows unauthorized modification

Writer and Reporter: Wang Jing [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (@justqdjing)

 

 

 

Recommendation Details:

 

(1) Vendor & Product Description:

Vendor:

SITEFACT

 

Product & Vulnerable Versions:

SITEFACT

version 2.01

 

Vendor URL & Download:

Product can be obtained from here,

http://www.sitefact.de/index.cfm?resid=1&res=1024&sid=2&skt=2279

 

Google Dork:

“Powered by SITEFACT”

 

Product Introduction Overview:

“Publish . Your content without any prior knowledge on the Internet Numerous integrated tools are available . Images, documents and movies can be provided with a click. We present yourself individually and professionally to your CI and your wishes . About a layout interface design can change at any time , or of course your own layout to be integrated. Our content management system is designed for search engine indexing . You can easily book your website for search engines like Google , Bing , Yahoo , … optimize ..”

“By running his own web server , you do not need a provider and need to install anything . Updates are performed automatically and for free . All you need is a PC with Internet access. SITE FACT is a proprietary development of Arvenia GmbH . Therefore, we can always realize your individual wishes and integrate them into SITE FACT. If you need our assistance , please contact our free support. With personal contact and landline number during the entire runtime.”

 

 

 

(2) Vulnerability Details:

SITEFACT web application has a computer cyber security bug problem. It can be exploited by XSS attacks. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user’s browser session within the trust relationship between their browser and the server.

Several other similar products 0-day vulnerabilities have been found by some other bug hunter researchers before. SITEFACT has patched some of them. The Full Disclosure mailing list is a public forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. FD differs from other security lists in its open nature and support for researchers’ right to decide how to disclose their own discovered bugs. The full disclosure movement has been credited with forcing vendors to better secure their products and to publicly acknowledge and fix flaws rather than hide them. Vendor legal intimidation and censorship attempts are not tolerated here! It also publishes suggestions, advisories, solutions details related to XSS vulnerabilities and cyber intelligence recommendations.

 

(2.1) The first programming flaw occurs at “/index.cfm?” page with “&res” “&skt” “&pid” parameters.

 

(2.2) The second programming flaw occurs at login domain “/index.cfm?” page with “&sid” parameter.

 

 

 

 

 

References:

http://www.tetraph.com/security/xss-vulnerability/sitefact-cms-xss/

http://securityrelated.blogspot.com/2015/05/sitefact-cms-xss.html

http://www.inzeed.com/kaleidoscope/computer-security/sitefact-cms-xss/

http://www.diebiyi.com/articles/security/sitefact-cms-xss/

https://itswift.wordpress.com/2015/05/24/sitefact-cms-xss/

https://www.facebook.com/pcwebsecurities/posts/695045367308050

https://www.mail-archive.com/fulldisclosure%40seclists.org/msg02031.html

http://computerobsess.blogspot.com/2015/05/sitefact-cms-xss.html

https://webtechwire.wordpress.com/2015/05/24/sitefact-cms-xss/

http://whitehatpost.blog.163.com/blog/static/242232054201542474057982/

http://cxsecurity.com/issue/WLB-2015030073

http://seclists.org/fulldisclosure/2015/Mar/2

https://www.facebook.com/tetraph/posts/1655170311369595

https://www.bugscan.net/#!/x/21256

http://permalink.gmane.org/gmane.comp.security.oss.general/16882

http://lists.openwall.net/full-disclosure/2015/05/08/7

http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1958

Advertisements

One thought on “SITEFACT CMS XSS (Cross-site Scripting) Web Security Vulnerabilities

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s