Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:31577
HistoryDec 29, 2014 - 12:00 a.m.

XSS and CSRF vulnerabilities in CMS Pylot

2014-12-2900:00:00
vulners.com
15
JSON

Hello 3APA3A!

These are Cross-Site Scripting and Cross-Site Request Forgery vulnerabilities in CMS Pylot ("Пилот" on Russian).

It's Ukrainian commercial CMS from Delta-X.

Affected products:

Vulnerable are all versions of CMS Pylot.

Developers from Delta-X haven't answered and haven't fixed these vulnerabilities.

Details:

Cross-Site Scripting (WASC-08):

Example of XSS for IE:

http://site/index_admin_login.php?return_path=%27%22%20style=xss:expression(alert(document.cookie))%201

Cross-Site Request Forgery (WASC-09):

http://site/index_admin_login.php

Lack of protection in login form, such as captcha, leads to possibility of conducting CSRF attacks, which I wrote about in the article Attacks on unprotected login forms (http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2011-April/007773.html). It allows to conduct remote login. But the from isn't vulnerable to Brute Force, since captcha appears after the first attempt.

Also it can be used for redirection. For these attacks it's needed to have working login and password:

Timeline:

2014.08.02 - announced at my site.
2014.08.09 - informed developers.
2014.08.12 - informed developers again.
2014.12.26 - disclosed at my site (http://websecurity.com.ua/7292/).

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua

JSON