AR Web Content Manager (AWCM) Cross-Site scripting Vulnerability

2011.04.13
Credit: SecPod Research
Risk: Low
Local: No
Remote: Yes
CVE: CVE-2011-1668
CWE: CWE-79


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

SecPod Research Team Member Antu Sanadi has found a XSS vulnerability in AR Web Content Manager (AWCM) Advisory details has been attached to this mail. Regards, SecPod Research Team http://www.secpod.com ####### AR Web Content Manager (AWCM) v2.2 Cross-Site scripting Vulnerability SecPod Technologies (www.secpod.com) Author: Antu Sanadi ####### SecPod ID: 1012 21/03/2011 Issue Discovered 24/03/2011 Vendor Notified 24/03/2011 Vendor Responded 25/03/2011 Vendor Solution Class: Cross-Site Scripting Severity: Medium Overview: --------- AR Web Content Manager (AWCM) is prone to Cross-Site Scripting vulnerability. Technical Description: ---------------------- AR Web Content Manager (AWCM) is prone to a Cross-Site Scripting vulnerability as it fails to properly sanitize user-supplied input. Input passed via the 'search' parameter in 'search' action in search.php is not properly verified before it is returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of a vulnerable site. This may allow an attacker to steal cookie-based authentication credentials and launch further attacks. The vulnerability has been tested in AR Web Content Manager v2.1 and v2.2 Other versions may also be affected. Impact: -------- Successful exploitation could allow an attacker to execute arbitrary HTML code in a user's browser session in the context of a vulnerable application. Affected Software: ------------------ AR Web Content Manager (AWCM) v2.2 and prior. Tested on, AR Web Content Manager (AWCM) v2.2 and v2.1 (Tested using Mozilla firefox browser) References: ----------- http://www.awcm-cms.com/ http://secpod.org/blog/?p=179 http://sourceforge.net/projects/awcm/files/ http://secpod.org/advisories/search.php.zip http://secpod.org/advisories/SECPOD_AWCM_XSS.txt Proof of Concept: ----------------- http://IP_ADDR/awcm/search.php?search=<script>alert("SecPod-XSS-Test")</ script>&where=all Solution: ---------- Vendor as has provided the solution, http://www.zshare.net/download/8818096688e1e96a/ Risk Factor: ------------- CVSS Score Report: ACCESS_VECTOR = NETWORK ACCESS_COMPLEXITY = MEDIUM AUTHENTICATION = NONE CONFIDENTIALITY_IMPACT = PARTIAL INTEGRITY_IMPACT = PARTIAL AVAILABILITY_IMPACT = NONE EXPLOITABILITY = PROOF_OF_CONCEPT REMEDIATION_LEVEL = UNAVAILABLE REPORT_CONFIDENCE = CONFIRMED CVSS Base Score = 5.2 (MEDIUM) (AV:N/AC:M/Au:N/C:P/I:P/A:N) Credits: -------- Antu Sanadi of SecPod Technologies has been credited with the discovery of this vulnerability.

References:

http://xforce.iss.net/xforce/xfdb/66536
http://www.securityfocus.com/bid/47126
http://www.securityfocus.com/archive/1/archive/1/517294/100/0/threaded
http://secpod.org/advisories/SECPOD_AWCM_XSS.txt


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top