ZeroCMS 1.0 - Persistent Cross-Site Scripting

EDB-ID:

34170

CVE:

2014-4710

EDB Verified:

Author:

Mayuresh Dani

Type:

webapps

Exploit: /

Platform:

PHP

Date:

2014-07-27

Vulnerable App:

######################
# Exploit Title: Persistent ZeroCMS Cross-Site Scripting Vulnerability

# Discovered by: Mayuresh Dani

# Vendor Homepage: http://www.aas9.in/zerocms/

# Software Link: https://github.com/pcx1256/zerocms/archive/master.zip

# Version: 1.0?

# Date: 2014-07-25

# Tested on: Windows 7 / Mozilla Firefox
              Ubuntu 14.04 / Mozilla Firefox

# CVE: CVE-2014-4710

######################

# Vulnerability Disclosure Timeline:

2014-06-15:  Discovered vulnerability
2014-06-23:  Vendor Notification (Support e-mail address)
2014-07-25:  Public Disclosure

# Description

ZeroCMS is a very simple Content Management System Built using PHP and
MySQL.

The application does not validate any input to the "Full Name", "Email
Address", "Password" or "Confirm Password" functionality. It saves this
unsanitized input in the backend databased and executes it when visiting
the subsequent or any logged-in pages.

######################

# Steps to reproduce the vulnerability

1) Visit the "Create Account" page (eg.
http://localhost/zerocms/zero_transact_user.php)

2) Enter your favourite XSS payload and click on "Create Account"

3) Enjoy!

More information:
https://community.qualys.com/blogs/securitylabs/2014/07/24/yet-another-zerocms-cross-site-scripting-vulnerability-cve-2014-4710

#####################

Thanks,
Mayuresh.

Tags:

Advisory/Source: Link

Databases	Links	Sites	Solutions
Exploits	Search Exploit-DB	OffSec	Courses and Certifications
Google Hacking	Submit Entry	Kali Linux	Learn Subscriptions
Papers	SearchSploit Manual	VulnHub	OffSec Cyber Range
Shellcodes	Exploit Statistics		Proving Grounds
			Penetration Testing Services