PR07-19: Cross-site Scripting (XSS) / HTML injection on Webbler CMS admin login page (2)
This advisory has been published following consultation with UK CPNI (formerly known as NISCC).
Date Found: 14th June 2007
Successfully tested on: Webbler CMS version 3.1.3. Earlier versions are possibly affected as well.
Note: the version number is usually included within 'meta' HTML tags and 'X-Powered-By' HTTP response headers, e.g.:
X-Powered-By: webbler version 3.1.3
Webbler CMS is vulnerable to XSS through the 'login' parameter of the '/uploader/index.php' server-side script.
No authentication is required to exploit this vulnerability.
An attacker may be able to cause execution of malicious scripting code in the browser of a user who clicks on a link to a site generated/managed by Webbler CMS. HTML tags can also be injected.
This type of attack can result in non-persistent defacement of the target site, or the redirection of confidential information to unauthorised third parties.
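The usual fix for a reflected parameter like 'login' is to encode it for its HTML context at output time. The PHP sketch below is an added example, not Webbler source code: the function names, the form markup and the login character allowlist are all assumptions, and the sample POST bodies are constructed.

```php
<?php
declare(strict_types=1);

// Added example: a hypothetical login-form renderer, not Webbler source code.

/** Fetch the 'login' field; PHP turns "login[]=x" into an array, so type-check it. */
function read_login(array $post): string
{
    $value = $post['login'] ?? '';
    return is_string($value) ? $value : '';
}

/** Vulnerable pattern: the request value reaches the page without encoding. */
function render_login_unsafe(string $login): string
{
    return '<input type="text" name="login" value="' . $login . '">';
}

/** Hardened pattern: encode for the HTML attribute context at output time. */
function render_login_safe(string $login): string
{
    // ENT_QUOTES encodes both quote styles; ENT_SUBSTITUTE replaces invalid
    // UTF-8 sequences instead of returning an empty string.
    $encoded = htmlspecialchars($login, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="login" value="' . $encoded . '">';
}

/** Defence in depth: allowlist of login characters (assumed format). */
function is_plausible_login(string $login): bool
{
    return preg_match('/\A[A-Za-z0-9._@-]{1,64}\z/', $login) === 1;
}

// Constructed sample POST bodies, standing in for $_POST.
$samples = [
    ['login' => 'editor01'],
    ['login' => '"><b>injected markup</b>'],
    ['login' => ['unexpected', 'array']],
];

foreach ($samples as $post) {
    $login = read_login($post);
    echo 'plausible: ', var_export(is_plausible_login($login), true), PHP_EOL;
    echo 'unsafe:    ', render_login_unsafe($login), PHP_EOL;
    echo 'safe:      ', render_login_safe($login), PHP_EOL, PHP_EOL;
}
```

The allowlist only reduces what reaches the template; the output encoding is what keeps the value inside the attribute.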
Proof of concept:
This vulnerability can only be exploited as a POST request, so the attacker must convince the victim to visit a third-party site which causes the victim's browser to submit the POST XSS request to the vulnerable site. This can be accomplished through a hidden '