CVE-2014-9557 SmartCMS Multiple XSS (Cross-Site Scripting) Security Vulnerability

CVE-2014-9557 SmartCMS Multiple XSS (Cross-Site Scripting) Security Vulnerability

 

Exploit Title: Smartwebsites SmartCMS v.2 Multiple XSS Security Vulnerabilities
Product: SmartCMS v.2
Vendor: Smartwebsites
Vulnerable Versions: v.2
Tested Version: v.2
Advisory Publication: Jan 22, 2015
Latest Update: Jan 22, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-9557
CVSS Severity (version 2.0):
CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)
Impact Subscore: 2.9
Exploitability Subscore: 8.6
Credit: Wang Jing [MAS, Nanyang Technological University (NTU), Singapore]

 

 

Advisory Details:

 

(1) Vendor & Product Description
Vendor: Smartwebsites
Product & Version: SmartCMS v.2
Vendor URL & Download:
Product Description: “SmartCMS is one of the most user friendly and smart content management systems there is in the Cyprus market. It makes the content management of a webpage very easy and simple, regardless of the user’s technical skills.”

 

(2) Vulnerability Details:
SmartCMS v.2 has a security vulnerability. It can be exploited by XSS attacks.
(2.1) The first vulnerability occurs at “index.php?” page with “pageid” “lang” multiple parameters.
(2.2) The second vulnerability occurs at “sitemap.php?” page with “pageid” “lang” multiple parameters.

 

 

 

 

References:

 

 

 

CVE-2014-9559 SnipSnap XSS (Cross-Site Scripting) Security Vulnerabilities

CVE-2014-9559 SnipSnap XSS (Cross-Site Scripting) Security Vulnerabilities
Exploit Title: SnipSnap /snipsnap-search? query Parameter XSS
Product: SnipSnap
Vulnerable Versions: 0.5.2a 1.0b1 1.0b2
Tested Version: 0.5.2a 1.0b1 1.0b2
Advisory Publication: Jan 30, 2015
Latest Update: Jan 30, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-9559
CVSS Severity (version 2.0):
CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)
Impact Subscore: 2.9
Exploitability Subscore: 8.6
Credit: Wang Jing [MAS, Nanyang Technological University (NTU), Singapore]

 

 

Advisory Details:

 

(1) Vendor & Product Description
Vendor:
SnipSnap
Product & Version:
SnipSnap
0.5.2a
1.0b1
1.0b2
Vendor URL & Download:
Product Description:
“SnipSnap is a user friendly content management system with features such as wiki and weblog. “

 

(2) Vulnerability Details:
SnipSnap has a security problem. It can be exploited by XSS attacks.
(2.1) The vulnerability occurs at “snipsnap-search?” page with “query” parameter.

 

 


References:

CVE-2014-9560 Softbb.net SoftBB SQL Injection Security Vulnerabilities

CVE-2014-9560 Softbb.net SoftBB SQL Injection Security Vulnerabilities

 

Exploit Title: Softbb.net SoftBB /redir_last_post_list.php post Parameter SQL Injection

Product: SoftBB (mods)

Vendor: Softbb.net

Vulnerable Versions: v0.1.3

Tested Version: v0.1.3

Advisory Publication: Jan 10, 2015

Latest Update: Jan 10, 2015

Vulnerability Type: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) (CWE-89)

CVE Reference: CVE-2014-9560

CVSS Severity (version 2.0):

CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)

Impact Subscore: 6.4

Exploitability Subscore: 10.0

Credit: Wang Jing [Mathematics, Nanyang Technological University (NTU), Singapore]

 

 

Advisory Details:

Vendor URL:

(2) Vulnerability Details:

Softbb.net SoftBB can be exploited by SQL Injection attacks.

(2.1) The vulnerability occurs at “/redir_last_post_list.php” page, with “&post” parameter.

 

References:

CVE-2014-8751 goYWP WebPress Multiple XSS (Cross-Site Scripting) Security Vulnerabilities

CVE-2014-8751 goYWP WebPress Multiple XSS (Cross-Site Scripting) Security Vulnerabilities

 

Exploit Title: goYWP WebPress Multiple XSS (Cross-Site Scripting) Security Vulnerabilities
Product: WebPress
Vendor: goYWP
Vulnerable Versions: 13.00.06
Tested Version: 13.00.06
Advisory Publication: Dec 09, 2014
Latest Update: Dec 09, 2014
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-8751
Credit: Wang Jing [SPMS, Nanyang Technological University (NTU), Singapore]

 

Advisory Details:
(1) Product
“WebPress is the foundation on which we build web sites. It’s our unique Content Management System (CMS), flexible enough for us to build your dream site, and easy enough for you to maintain it yourself.”

 

(2) Vulnerability Details:
goYWP WebPress has a security problem. It is vulnerable to XSS attacks.
(2.1) The first security vulnerability occurs at “/search.php” page with “&search_param” parameter in HTTP GET.
(2.2) The second security vulnerability occurs at “/forms.php” (form submission ) page with “&name”, “&address” “&comment” parameters in HTTP POST.

 

References:

CVE-2015-2243 Webshop hun v1.062S Directory Traversal Web Security Vulnerabilities

Virus_Blaster1

CVE-2015-2243 Webshop hun v1.062S Directory Traversal Web Security Vulnerabilities

Exploit Title: CVE-2015-2243 Webshop hun v1.062S /index.php &mappa Parameter Directory Traversal Web Security Vulnerabilities

Product: Webshop hun

Vendor: Webshop hun

Vulnerable Versions: v1.062S

Tested Version: v1.062S

Advisory Publication: March 01, 2015

Latest Update: April 28, 2015

Vulnerability Type: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) [CWE-22]

CVE Reference: CVE-2015-2243

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)

Impact Subscore: 6.4

Exploitability Subscore: 10.0

CVSS Version 2 Metrics:

Access Vector: Network exploitable

Access Complexity: Low

Authentication: Not required to exploit

Impact Type: Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service

Credit: Wang Jing [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (@justqdjing)








Introduction Details:



(1) Vendor & Product Description:



Vendor:

Webshop hun



Product & Version:

Webshop hun

v1.062S



Vendor URL & Download:

Webshop hun can be required from here,

http://www.webshophun.hu/index



Product Introduction Overview:

Webshop hun is an online product sell web application system.


“If our webshop you want to distribute your products, but it is too expensive to find on the internet found solutions, select the Webshop Hun shop program and get web store for free and total maker banner must display at the bottom of the page 468×60 size. The download shop program, there is no product piece limit nor any quantitative restrictions, can be used immediately after installation video which we provide assistance.


“The Hun Shop store for a free for all. In our experience, the most dynamic web solutions ranging from our country. If the Webshop Hun own image does not suit you, you can also customize the look of some of the images and the corresponding text replacement, or an extra charge we can realize your ideas. The Webshop Hun pages search engine optimized. They made the Hun Shop web program to meet efficiency guidelines for the search engines. The pages are easy to read and contain no unnecessary HTML tags. Any web page is simply a few clicks away.”






(2) Vulnerability Details:

Webshop hun web application has a computer security bug problem. It can be exploited by Directory Traversal – Local File Include (LFI) attacks. A local file inclusion (LFI) flaw is due to the script not properly sanitizing user input, specifically path traversal style attacks (e.g. ‘../../’) supplied to the parameters. With a specially crafted request, a remote attacker can include arbitrary files from the targeted host or from a remote host . This may allow disclosing file contents or executing files like PHP scripts. Such attacks are limited due to the script only calling files already on the target host.

Several similar products vulnerabilities have been found by some other bug hunter researchers before. Webshop hun has patched some of them. The MITRE Corporation is a not-for-profit company that operates multiple federally funded research and development centers (FFRDCs), which provide innovative, practical solutions for some of our nation’s most critical challenges in defense and intelligence, aviation, civil systems, homeland security, the judiciary, healthcare, and cybersecurity. It has published suggestions, advisories, solutions details related to website vulnerabilities.



(2.1) The vulnerability occurs at “&mappa” parameter in “index.php?” page.








References:

http://tetraph.com/security/directory-traversal-vulnerability/webshop-hun-v1-062s-directory-traversal-security-vulnerabilities/

http://securityrelated.blogspot.sg/2015/03/webshop-hun-v1062s-directory-traversal.html

http://packetstormsecurity.com/files/130653/Webshop-Hun-1.062S-Directory-Traversal.html

http://marc.info/?l=full-disclosure&m=142551569801614&w=4

http://lists.openwall.net/full-disclosure/2015/03/05/5

https://www.mail-archive.com/fulldisclosure%40seclists.org/msg01902.html

http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1666

http://seclists.org/fulldisclosure/2015/Mar/26

http://lists.kde.org/?a=139222176300014&r=1&w=2

http://webcabinet.tumblr.com/post/118677916572/cve-2015-2243-webshop-hun-v1-062s-directory

https://computerpitch.wordpress.com/2015/05/11/cve-2015-2243-webshop-hun-v1-062s-directory-traversal-web-security-vulnerabilities/

http://www.covertredirect.com/tech/

https://plus.google.com/+essayjeans/posts/4yoeMytdEKx

http://whitehatpost.blog.163.com/blog/static/242232054201541122051794/

http://user.qzone.qq.com/2519094351/blog/1431325305

https://www.facebook.com/permalink.php?story_fbid=734394456671300&id=660347734075973

http://germancast.blogspot.de/2015/05/cve-2015-2243-webshop-hun-v1062s.html

https://twitter.com/essayjeans/status/597645566760226816

http://ittechnology.lofter.com/post/1cfbf60d_6eb449f