The DigiTrust Group: Advisory #080907a - Pligg CMS Persistent Cross-Site Scripting Vulnerability
Product:
Pligg CMS v9.9.5
Older versions likely affected as well
Credits:
Omer Singer
The DigiTrust Group
http://www.digitrustgroup.com
September 7, 2008
Risk Level:
HIGH
Program Summary:
Pligg is a PHP-based Content Management System designed to enable users to share and discuss news articles. Three roles are contained in the application: Normal, Admin, God.
http://www.pligg.com/
Cross-Site Scripting Vulnerability:
Input passed to the 'email' field in admin_users.php is not properly sanitized. When a web site user with "Admin" or "God" privileges accesses the User Management page, malicious code contained in the 'email' parameter will be executed in that user's browser. This could allow a user with "Admin" privileges to perform horizontal and vertical privilege escalation attacks, including attaining "God"-level privileges.
Proof of Concept Code:
While logged in as an "Admin"-level user, edit a "Normal"-level user's properties. In the email field, enter:
<script>alert('XSS')</script>
and submit. Any administrator, including one with privileges higher than "Admin"-level, will receive the JavaScript popup upon accessing the User Management page.
Vendor Solution:
Pending.
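Until a vendor fix is available, the two controls that close this class of bug are validating the email value before it is stored and HTML-encoding it when the user list is rendered. The following is an added example, not Pligg source code and not the vendor's fix; all function names and the row layout are hypothetical, and the sample values are constructed.

```php
<?php
// Added illustration only; function names and the table markup are assumptions.

// Input side: store the value only if it is a syntactically valid address.
function normalize_email(string $raw): ?string
{
    $email = trim($raw);
    if (strlen($email) > 254) {          // practical upper bound for an address
        return null;
    }
    $valid = filter_var($email, FILTER_VALIDATE_EMAIL);
    return $valid === false ? null : $valid;
}

// Output side: encode for an HTML context every time the value is rendered.
// Needed even with validation, because FILTER_VALIDATE_EMAIL still permits
// characters such as ' in the local part, and old rows may predate the check.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Assumed shape of the flaw: a stored field concatenated into the page as-is.
function render_row_unsafe(array $user): string
{
    return '<tr><td>' . $user['email'] . '</td></tr>';
}

// Hardened form: the same row with the field encoded on output.
function render_row_safe(array $user): string
{
    return '<tr><td>' . h($user['email']) . '</td></tr>';
}

// Constructed sample input: one ordinary address and the advisory's test string.
$samples = ['alice@example.com', "<script>alert('XSS')</script>"];
foreach ($samples as $raw) {
    $stored = normalize_email($raw);
    echo ($stored === null ? 'rejected: ' : 'accepted: ') . h($raw) . PHP_EOL;
}

// A row saved before validation existed is still rendered inert.
$legacy = ['email' => "<script>alert('XSS')</script>"];
echo render_row_safe($legacy) . PHP_EOL;
```

Encoding on output is the control that matters for administrators viewing existing data; input validation alone does not neutralize values already in the database.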
Copyright (c) 2008 The DigiTrust Group.
Permission is granted for the redistribution of this alert electronically. It may not be edited in any way without the express written consent of The DigiTrust Group.
Disclaimer: The information in the advisory is believed to be accurate at the time of publishing based on currently available information. Use of the information constitutes acceptance for use on an AS IS condition. There are no warranties with regard to this information. Neither the author nor the publisher accepts any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.