Securityvulns SECURITYVULNS:DOC:25479
History: Jan 11, 2011 - 12:00 a.m.

Persistent Cross Site Scripting Vulnerability In JAF-CMS ver 4.0_RC_2

Exploit Title: [Persistent Cross Site Scripting Vulnerability In JAF-CMS ver 4.0_RC_2]

Google Dork: [Site engine powered by JAF-CMS]

Date: [9 January 2011]

Author: Akastep

Software Link: http://jaf-cms.sourceforge.net/

Version: JAF-CMS ver 4.0_RC_2 (the vulnerability may exist in older versions too)

Tested on: FreeBSD 7.1-PRERELEASE ~~~ PHP Version 5.2.11 ~~ JAF-CMS ver 4.0_RC_2

####################################################################################
JAF CMS - …just another flat file CMS, is a Content Management System (CMS) consisting
of a powerful set of PHP scripts that allow you to maintain a personal home page in an
easy way. There is no need for a database. The pages are stored in a simple flat file.
http://jaf-cms.sourceforge.net/
####################################################################################

A persistent cross-site scripting vulnerability exists in the forum section of JAF-CMS ver 4.0_RC_2.
An attacker using this vulnerability can compromise the site.
He/She can deface the site or steal the admin's cookie credentials and then, using the stolen cookie + Minibrowser,
log in to the system as admin. :(
Exploitation:
Go to the JAF-CMS Forum section.
For example:
ht*p://127.0.0.1/index.php?page=forum
Open a new thread and simply inject your evil JavaScript scenario, for example:
<script>alert(document.cookie);</script>
into the body of the topic being created, and post the topic.
After this, try to access that topic. The XSS will occur.

A more dangerous fact about this vulnerability is this:
If the site admin is logged in to his 'box' using the page
ht*p://127.0.0.1/admin/
and accesses Administration panel => Mod Manager => Forum (Topic management section)
ht*p://127.0.0.1/admin/forum.php
the cookies will be stolen automatically. This means there is no need for hard social engineering methods with this vulnerability.

A screenshot of the successful attack result can be found here:
http://qovluq.biz/uploads/sh1.png
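
The fix for this class of bug is to encode stored forum text when it is written into HTML, in both the public topic view and the admin topic manager. The following is an added example, not code from this advisory or from JAF-CMS; the function names and the topic array layout are assumptions, and the session hardening assumes PHP 7.3 or later.

```php
<?php
// Added example with hypothetical names; this is not JAF-CMS source code.
// Constructed sample topic, as a flat-file forum might store it.
$topic = [
    'title' => 'Hello',
    'body'  => '<script>alert(document.cookie);</script>', // payload from the advisory
];

// Weak pattern: stored text is written into the page as markup, so the
// script runs for every visitor, including an admin in the topic manager.
function render_topic_unsafe(array $t): string
{
    return "<h2>{$t['title']}</h2><div class=\"post\">{$t['body']}</div>";
}

// Encode stored text for the HTML context at output time.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_topic_safe(array $t): string
{
    return '<h2>' . h($t['title']) . '</h2>'
         . '<div class="post">' . nl2br(h($t['body'])) . '</div>';
}

// Defence in depth for the admin area; call before session_start().
// The array form of session_set_cookie_params() needs PHP 7.3 or later.
function harden_admin_session(): void
{
    session_set_cookie_params([
        'path'     => '/admin/',
        'httponly' => true,   // cookie is not readable via document.cookie
        'samesite' => 'Strict',
    ]);
    header("Content-Security-Policy: default-src 'self'; script-src 'self'");
}

if (PHP_SAPI === 'cli') {
    echo render_topic_unsafe($topic), "\n"; // script tag survives as markup
    echo render_topic_safe($topic), "\n";   // script tag is shown as inert text
}
```

Encoding at output time also neutralises topics that were stored before the fix, which input filtering alone would not.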

/AkaStep

4:36 09.01.2011

WwW.AzHACk.CoM

WwW.PiRaTes-CrEw.org
WwW.AzDeFaCeRs.Org

Warm greetings to Azerbaijan)

####################################################################################
Allahu Akbar!
####################################################################################