Tuesday, 11 June 2013

RuubikCMS 1.1.1 - Stored XSS Vulnerability


RuubikCMS 1.1.1 also suffers from a stored XSS vulnerability when handling user input passed to the 'name' parameter via the POST method through '/ruubikcms/ruubikcms/cms/index.php'.
Attackers can exploit these weaknesses to execute arbitrary HTML and script code
in a user's browser session.

I have tested it on Chrome, Internet Explorer and Firefox browsers and it works well!!



Stored XSS Vulnerable URLs

http://127.0.0.1/ruubikcms/ruubikcms/cms/index.php
[Vulnerable : name]

http://127.0.0.1/ruubikcms/ruubikcms/cms/extranet.php?p=member-area
[Vulnerable : name]

http://127.0.0.1/ruubikcms/ruubikcms/cms/sitesetup.php
[Vulnerable : name , siteroot]

http://127.0.0.1/ruubikcms/ruubikcms/cms/users.php?role=5&p=test
[Vulnerable : firstname , lastname]

Simple Payload:
p@yl0ad : "><script>alert('h@cK3d by eXpl0i13r')</script>


Vulnerability POCs:

Not much to explain, as it's a very simple vulnerability...!!
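
The fix side of this issue, as an added example that is not part of the original post and is not RuubikCMS source code: the function names are hypothetical, and it assumes the stored value is echoed into an input's value attribute, which is what the payload's leading "> is shaped to break out of. It renders the page's payload with and without output encoding for each field listed above.

```php
<?php
// Added example: hypothetical helpers, not RuubikCMS source code.

// Payload quoted on this page, used here as the value already stored in the database.
$stored = "\"><script>alert('h@cK3d by eXpl0i13r')</script>";

// Vulnerable pattern: the stored value is concatenated into the attribute as-is,
// so the leading "> closes value="..." and the <script> element becomes markup.
function render_input_unsafe(string $field, string $value): string
{
    return '<input type="text" name="' . $field . '" value="' . $value . '">';
}

// Hardened pattern: encode on output for the HTML attribute context.
// ENT_QUOTES encodes both quote styles; ENT_SUBSTITUTE replaces invalid
// UTF-8 sequences instead of returning an empty string.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_input_safe(string $field, string $value): string
{
    return '<input type="text" name="' . h($field) . '" value="' . h($value) . '">';
}

// Regression check: the rendered fragment must contain exactly one tag,
// the <input> itself. Any extra < or > means stored data became markup.
function has_raw_markup(string $html): bool
{
    return substr_count($html, '<') !== 1 || substr_count($html, '>') !== 1;
}

// Fields reported as vulnerable on this page.
foreach (['name', 'siteroot', 'firstname', 'lastname'] as $field) {
    $unsafe = render_input_unsafe($field, $stored);
    $safe   = render_input_safe($field, $stored);
    printf("%-9s unsafe=%s safe=%s\n", $field,
        has_raw_markup($unsafe) ? 'INJECTED' : 'ok',
        has_raw_markup($safe) ? 'INJECTED' : 'ok');
}

// The encoded form is displayed as text by the browser and is not executed.
echo render_input_safe('name', $stored), "\n";
```

Encoding has to happen at every place the stored value is written into a page, since a stored value is rendered on later requests and possibly in other users' sessions.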

EDB-ID: 25996



