15147_Micro CMS 1.0 B1-Persistent Cross-Site Scripting-PHP WebApps exploit.txt

Details

##############################################################################

Title    : Micro CMS Persistent Cross-Site Scripting Vulnerability.
Author   : Veerendra G.G from SecPod Technologies (www.secpod.com)
Vendor   : http://www.micro-cms.com/
Advisory : http://secpod.org/blog/?p=135
           http://secpod.org/advisories/SECPOD_MicroCMS.txt
Version  : Micro CMS 1.0 beta 1
Date     : 09/28/2010

###############################################################################

SecPod ID:      1004

09/03/2010 Issue Discovered
09/05/2010 Vendor Notified
No Response from Vendor

Class:  Persistent Cross-Site Scripting         Severity: High

Overview:
---------
Micro CMS is prone to a Persistent Cross-Site Scripting vulnerability.

Technical Description:
----------------------
Micro CMS is prone to a Persistent Cross-Site Scripting vulnerability because
it fails to properly sanitize user-supplied input.

Input passed via the 'name' parameter (also in text-area) in a comment section
to "comments/send/" is not properly verified before it is returned to the
user. This can be exploited to execute arbitrary HTML and script code in a
user's browser session in the context of a vulnerable site. This may allow
the attacker to steal cookie-based authentication credentials and to launch
further attacks.

The exploit has been tested in Micro CMS 1.0 beta 1.

Impact:
--------
Successful exploitation allows an attacker to execute arbitrary HTML and script
code in a user's browser session in the context of a vulnerable site.

Affected Software:
------------------
Micro CMS 1.0 beta 1 and prior

References:
-----------
http://www.micro-cms.com/
http://secpod.org/blog/?p=135
http://secpod.org/advisories/SECPOD_MicroCMS.txt

Proof of Concepts:
------------------
Add the following attack strings:
 1. My XSS Test
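
Mitigation example (added here; not part of the SecPod advisory and not Micro CMS code): the flaw under Technical Description is stored comment input returned without output encoding, so the sketch below renders one comment the way the advisory describes and then with both fields encoded. The field names, function names and sample comment are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample of a stored comment; the field names are assumptions,
// not taken from the Micro CMS code base.
$comment = [
    'name' => '<em>visitor</em>',
    'text' => "First line with \"quotes\" & <b>markup</b>\nSecond line",
];

// Encode for an HTML text or attribute context. ENT_QUOTES covers both
// quote characters; ENT_SUBSTITUTE replaces invalid UTF-8 sequences
// instead of making the function return an empty string.
function html_escape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Behaviour the advisory describes: stored input is returned unmodified.
function render_comment_unsafe(array $c): string
{
    return '<div class="comment"><strong>' . $c['name'] . '</strong><p>'
        . $c['text'] . '</p></div>';
}

// Hardened form: every stored field is encoded at output time, and line
// breaks are converted only after encoding so nl2br's <br> tags survive.
function render_comment_safe(array $c): string
{
    return '<div class="comment"><strong>' . html_escape($c['name'])
        . '</strong><p>' . nl2br(html_escape($c['text'])) . '</p></div>';
}

// Submit-time validation as defence in depth: bound the length and reject
// control characters in the single-line name field.
function validate_name(string $name): bool
{
    return $name !== ''
        && strlen($name) <= 64
        && preg_match('/[\x00-\x1F\x7F]/', $name) === 0;
}

echo render_comment_unsafe($comment), "\n\n";
echo render_comment_safe($comment), "\n";
// Length and character checks do not remove markup; the encoding is the fix.
var_dump(validate_name($comment['name']));
```

Encoding at output time protects comments that are already stored, which filtering at "comments/send/" alone would not.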