####################################################################################
JAF CMS - ...just another flat file CMS, is a Content Management System (CMS) consisting
of a powerful set of PHP scripts that allow you to maintain a personal home page in an
easy way. There is no need for a database. The pages are stored in a simple flat file.
http://jaf-cms.sourceforge.net/
####################################################################################
A persistent cross-site scripting vulnerability exists in JAF-CMS ver 4.0_RC_2 (s), forum section:
An attacker using this vulnerability can compromise the site.
He/she can deface the site or steal the admin cookie credentials and then, using the stolen cookie + Minibrowser,
log in to the system as admin. :(
Exploitation:
Go to the JAF-CMS forum section.
For example:
ht*p://127.0.0.1/index.php?page=forum
Open a new thread and simply inject your evil JavaScript, for example:
<script>alert(document.cookie);</script>
in the body of the topic being created, and post the topic.
After this, try to access that topic. The XSS will occur.
A more dangerous fact about this vulnerability:
If the site admin is logged in to his 'box' using:
htp://127.0.0.1/admin/ <=page
and he tries to access => Administration panel => Mod Manager => Forum (Topic management section)
htp://127.0.0.1/admin/forum.php the cookies will be stolen automatically. This means there is no need for hard social engineering methods with this vulnerability.
A screenshot of a successful attack result can be found here:
http://qovluq.biz/uploads/sh1.png
/AkaStep
4:36 09.01.2011
WwW.AzHACk.CoM
WwW.PiRaTes-CrEw.org
WwW.AzDeFaCeRs.Org
Warm greetings to Azerbaijan)
####################################################################################
Allahu Akbar!
####################################################################################
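Added example, not part of the original advisory and not JAF CMS code: the stored topic body is printed both in the public forum view and in the admin topic management page, so it has to be HTML-encoded at output in every view that prints it. The function names are hypothetical, and the cookie hardening assumes the admin login uses a PHP session.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers for illustration; these are not JAF CMS functions.

// Vulnerable pattern: the body read back from the flat file is echoed as-is,
// so markup saved by any forum user runs in the browser of whoever opens the
// topic, including the administrator in the topic management page.
function render_topic_body_unsafe(string $storedBody): string
{
    return '<div class="topic-body">' . $storedBody . '</div>';
}

// Hardened pattern: encode at output time. Storing the raw text is fine as
// long as every view (public forum and admin panel) goes through this.
function render_topic_body(string $storedBody): string
{
    $encoded = htmlspecialchars($storedBody, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<div class="topic-body">' . nl2br($encoded) . '</div>';
}

// Defence in depth against the cookie theft described in the advisory:
// an HttpOnly session cookie is not readable through document.cookie.
// Assumption: the admin login is backed by a PHP session (PHP 7.3+ syntax).
function start_admin_session(): void
{
    session_set_cookie_params([
        'httponly' => true,
        'samesite' => 'Strict',
    ]);
    session_start();
}

// Constructed sample input: the test string from the advisory.
$body = '<script>alert(document.cookie);</script>';

echo "unsafe:   ", render_topic_body_unsafe($body), PHP_EOL;
echo "hardened: ", render_topic_body($body), PHP_EOL;
```

HttpOnly only limits cookie theft; the output encoding is what stops the injected markup from running at all.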