Advisory: Reflecting XSS vulnerability in CMS e107 v. 1.0.4
Advisory ID: SROEADV-2014-05
Author: Steffen Rsemann
Affected Software: CMS e107 v. 1.0.4
Vendor URL: http://e107.org
Vendor Status: did not respond to issue
CVE-ID: -
==========================
Vulnerability Description:
==========================
The CMS e107 v. 1.0.4 has a reflecting XSS vulnerability in its
administrative backend which can be exploited by bypassing an XSS filter.
==================
Technical Details:
==================
The filemanager functionality of CMS e107 v. 1.0.4 has a reflecting XSS
vulnerability. The filemanager is located here on a normal e107
installation:
http://{TARGET}/e107_admin/filemanager.php
The e107 files are located in the following folder, which is created when
installing the CMS:
http://{TARGET}/e107_admin/filemanager.php?e107_files/
By appending specially crafted HTML and/or JavaScript-code, an attacker
could exploit this vulnerability.
Exploit-Example:
http://{TARGET}/e107_admin/filemanager.php?e107_files/%3C%73%63%72%69%70%74%3Ealert(String.fromCharCode(34,88, 83, 83,34))%3C%2F%73%63%72%69%70%74%3E%3C!--%3C%2F%73%63%72%69%70%74%3E%3C!--
=========
Solution:
=========
Vendor didn't responded to this issue, as it is announced that issues on
e107 v. 1.0.4 are handled on lower priority.
====================
Disclosure Timeline:
====================
26/27-Dec-2014 – found the vulnerability
27-Dec-2014 - informed the developers
27-Dec-2014 – release date of this security advisory [without technical details]
03-Dec-2014 - opened up an issue on Github as vendor not responded (see https://github.com/e107inc/e107v1/issues/2)
09-Jan-2015 - release date of this security advisory
09-Jan-2015 - send to lists
========
Credits:
========
Vulnerability found and advisory written by Steffen Rsemann.
===========
References:
===========
[1] http://e107.org
[2] http://sroesemann.blogspot.de/2014/12/sroeadv-2014-05.html
[3] https://github.com/e107inc/e107v1/issues/2
[4] http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2014-05.html
This information is provided for TESTING and LEGAL RESEARCH purposes only. All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum