Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:29817
HistoryOct 01, 2013 - 12:00 a.m.

XSS and Redirector vulnerabilities in InstantCMS

2013-10-0100:00:00
vulners.com
20
JSON

Hello 3APA3A!

These are Cross-Site Scripting and Redirector vulnerabilities in InstantCMS.

Affected products:

Vulnerable are InstantCMS 1.10.2 and previous versions.

Affected vendors:

InstantSoft
http://www.instantcms.ru

Details:

Cross-Site Scripting (WASC-08):

GET request to http://site/modules/mod_template/set.php with setting Referer header.

Referer: data:text/html;base64,PHNjcmlwdD5hbGVydChkb2N1bWVudC5jb29raWUpPC9zY3JpcHQ%2B

Redirector (URL Redirector Abuse) (WASC-38):

GET request to http://site/modules/mod_template/set.php with setting Referer header.

Referer: http://websecurity.com.ua

Timeline:

2013.07.14 - found multiple vulnerabilities in InstantCMS 1.10.1.
2013.07.17 - announced at my site.
2013.07.19 - informed developers about first part of the vulnerabilities. Ignored.
2013.07.31 - informed developers about another part of the vulnerabilities. Answered, but refused to fix.
2013.08.02 - reminded developers about first letter with holes and explained why to fix them.
2013.08.02 - developers released InstantCMS 1.10.2 without fixing any informed vulnerabilities. Both above-mentioned holes work in it.
2013.09.17 - disclosed at my site (http://websecurity.com.ua/6661/).

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua

JSON