OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Acuity CMS 2.6.x <= Cross Site Scripting

From: YGN Ethical Hacker Group (listsyehg.net)
Date: Tue Apr 17 2012 - 11:32:39 CDT


1. OVERVIEW

Acuity CMS 2.6.x (ASP-based) versions are vulnerable to Cross Site Scripting.

2. BACKGROUND

Acuity CMS is a powerful but simple, extremely easy to use, low
priced, easy to deploy content management system. It is a leader in
its price and feature class.

3. VULNERABILITY DESCRIPTION

"UserName" parameter is not properly sanitized upon submission to the
URL, /admin/login.asp , which allows attacker to conduct Cross Site
Scripting attack. This may allow an attacker to create a specially
crafted URL that would execute arbitrary script code in a victim's
browser.

4. VERSIONS AFFECTED

Tested in version 2.6.2.

5. PROOF-OF-CONCEPT/EXPLOIT

http://localhost/admin/login.asp?UserName="><script>prompt(/xss/)</script>

6. SOLUTION

The Acunity CMS is no longer in active development.
It is recommended to user another CMS in active development and support.

7. VENDOR

The Collective
http://www.thecollective.com.au/

8. CREDIT

Aung Khant, http://yehg.net, YGN Ethical Hacker Group, Myanmar.

9. DISCLOSURE TIME-LINE

2012-04-17: vulnerability disclosed

10. REFERENCES

Original Advisory URL:
http://yehg.net/lab/pr0js/advisories/%5Bacuity_cms2.6.x_(asp)%5D_xss

#yehg [2012-04-17]