Stradus CMS Multiple Security Vulnerabilities
BID:58669
Info
Stradus CMS Multiple Security Vulnerabilities
| Bugtraq ID: | 58669 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 22 2013 12:00AM |
| Updated: | Mar 22 2013 12:00AM |
| Credit: | DaOne |
| Vulnerable: |
Stradus Stradus CMS 1.0beta4 |
| Not Vulnerable: | |
Discussion
Stradus CMS Multiple Security Vulnerabilities
Stradus CMS is prone to multiple cross-site scripting vulnerabilities, an arbitrary file upload vulnerability, and multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data.
Exploiting these issues could allow an attacker to execute arbitrary script code, upload arbitrary files, steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Stradus CMS 1.0beta4 is vulnerable; other version may also be affected.
Stradus CMS is prone to multiple cross-site scripting vulnerabilities, an arbitrary file upload vulnerability, and multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data.
Exploiting these issues could allow an attacker to execute arbitrary script code, upload arbitrary files, steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Stradus CMS 1.0beta4 is vulnerable; other version may also be affected.
Exploit / POC
Stradus CMS Multiple Security Vulnerabilities
An attacker can exploit some of these issues through a browser. To exploit a cross-site scripting vulnerability the attacker must entice an unsuspecting victim to follow a malicious URI.
The following example URLs are available:
File Upload:
http://www.example.com/SCMS_1.0/moduls/photo_album/upload.php
http://www.example.com/SCMS_1.0/moduls/simply_image/upload.php
XSS / SQL Injection:
http://www.example.com/SCMS_1.0/adminfiles/log_view.php?order_by={SQLi/XSS}
http://www.example.com/SCMS_1.0/moduls/photo_album/new.php?edit={SQLi/XSS}
An attacker can exploit some of these issues through a browser. To exploit a cross-site scripting vulnerability the attacker must entice an unsuspecting victim to follow a malicious URI.
The following example URLs are available:
File Upload:
http://www.example.com/SCMS_1.0/moduls/photo_album/upload.php
http://www.example.com/SCMS_1.0/moduls/simply_image/upload.php
XSS / SQL Injection:
http://www.example.com/SCMS_1.0/adminfiles/log_view.php?order_by={SQLi/XSS}
http://www.example.com/SCMS_1.0/moduls/photo_album/new.php?edit={SQLi/XSS}
Solution / Fix
Stradus CMS Multiple Security Vulnerabilities
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]