|
Application: WmsCMS
Vendors Url: http://www.web-master.biz
Bug Type: Multiple URL Handling Remote Cross-Site Scripting Vulnerabilities
Exploitation: Remote
Severity: Less Critical
Solution Status: Unpatched
Introduction: WmsCMS is a web-based CMS system
Google Dork: "Powered by WMS-CMS"
Affected Versions WmsCMS <= 2.0
Description:
User-supplied input passed via the URL is not properly sanitised before it is being returned to the user in index.php?pageid=. This can be exploited to execute arbitrary script code in the security context of an affected website, as a result the code will be able to access any of the target user's cookies, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
PoC:
[XSS">http://[target]/4print.asp?p=60&sbl=>">[XSS]
[XSS">http://[target]/4print.asp?p=60&sbr=>">[XSS]