ContentNow Multiple Remote Vulnerabilities
BID:30102
Info
ContentNow Multiple Remote Vulnerabilities
| Bugtraq ID: | 30102 |
| Class: | Input Validation Error |
| CVE: |
CVE-2008-3181 CVE-2008-3180 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 06 2008 12:00AM |
| Updated: | Jul 05 2016 10:01PM |
| Credit: | CWH Underground |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
ContentNow Multiple Remote Vulnerabilities
ContentNow is prone to multiple cross-site scripting vulnerabilities and an arbitrary-file-upload vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage the cross-site scripting issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
The attacker can exploit the file-upload issue to execute arbitrary code in the context of the webserver.
ContentNow 1.4.1 is vulnerable; prior versions may also be affected.
ContentNow is prone to multiple cross-site scripting vulnerabilities and an arbitrary-file-upload vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage the cross-site scripting issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
The attacker can exploit the file-upload issue to execute arbitrary code in the context of the webserver.
ContentNow 1.4.1 is vulnerable; prior versions may also be affected.
Exploit / POC
ContentNow Multiple Remote Vulnerabilities
An attacker can exploit these issues via a browser. To exploit a cross-site scripting vulnerability, the attacker must entice an unsuspecting user into following a malicious URI.
The following example URIs are available:
http://www.example.com/contentNow/upload.php?path=/contentNow/upload/
http://www.example.com/contentnow/upload/file/language_menu.php/>"><script>alert("XSS")</script>
http://www.example.com/contentnow/upload/file/language_menu.php?pageid=>"><script>alert("XSS")</script>&clang=en
An attacker can exploit these issues via a browser. To exploit a cross-site scripting vulnerability, the attacker must entice an unsuspecting user into following a malicious URI.
The following example URIs are available:
http://www.example.com/contentNow/upload.php?path=/contentNow/upload/
http://www.example.com/contentnow/upload/file/language_menu.php/>"><script>alert("XSS")</script>
http://www.example.com/contentnow/upload/file/language_menu.php?pageid=>"><script>alert("XSS")</script>&clang=en
Solution / Fix
ContentNow Multiple Remote Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].