Advisory ID: HTB23203 Product: Ilch CMS Vendor: http://ilch.de Vulnerable Version(s): 2.0 and probably prior Tested Version: 2.0 Advisory Publication: February 12, 2014 [without technical details] Vendor Notification: February 12, 2014=20 Public Disclosure: March 5, 2014=20 Vulnerability Type: Cross-Site Scripting [CWE-79] CVE Reference: CVE-2014-1944 Risk Level: Medium=20 CVSSv2 Base Score: 5 (AV:N/AC:L/Au:N/C:N/I:P/A:N) Solution Status: Fixed by Vendor Discovered and Provided: High-Tech Bridge Security Research Lab ( https://w= ww.htbridge.com/advisory/ )=20 ---------------------------------------------------------------------------= -------------------- Advisory Details: High-Tech Bridge Security Research Lab discovered vulnerability in Ilch CMS= , which can be exploited to perform Cross-Site Scripting (XSS) attacks agai= nst users and administrators of vulnerable application. 1) Cross-Site Scripting (XSS) in Ilch CMS: CVE-2014-1944 The vulnerability exists due to insufficient sanitisation of user-supplied = data in "text" HTTP POST parameter passed to "/index.php/guestbook/index/ne= wentry" URL. A remote unauthenticated user can send a specially crafted HTT= P POST request, which allows to permanently inject and execute arbitrary HT= ML and script code in user=E2=80=99s browser in context of the vulnerable w= ebsite when the victim visits the "http://[host]/index.php/guestbook/index/= index" URL. The exploitation example below uses the JavaScript "alert()" function to di= splay "immuniweb" word: POST /index.php/guestbook/index/newentry HTTP/1.1 Content-Type: application/x-www-form-urlencoded Content-Length: 151 ilch_token=3D5a528778359d4756b9b8803b48fba18b&name=3Dname&email=3Demail%40e= mail.com&homepage=3Dhttp%3A%2F%2Fsite.com&text=3D<script>alert('immuniwweb'= );</script>&saveEntry=3DSubmit ---------------------------------------------------------------------------= -------------------- Solution: Fixed by vendor on February 18, 2014 directly in the source code without ve= rsion modification/new release. Update to the version 2.0 released after Fe= bruary 18, 2014. More Information: https://github.com/IlchCMS/Ilch-2.0/commit/381e15f39d07d3cdf6aaaa25c0f2321f= 817935f7 https://github.com/IlchCMS/Ilch-2.0/commit/02bb4953c0e21cb8f20e5e91db5e15a7= 7fe1a5ce ---------------------------------------------------------------------------= -------------------- References: [1] High-Tech Bridge Advisory HTB23203 - https://www.htbridge.com/advisory/= HTB23203 - Cross-Site Scripting (XSS) in Ilch CMS. [2] Ilch CMS - http://ilch.de - Ilch is an easy to use content management s= ystem for clans, communities and homepages.=20 [3] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - in= ternational in scope and free for public use, CVE=C2=AE is a dictionary of = publicly known information security vulnerabilities and exposures. [4] Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to = developers and security practitioners, CWE is a formal list of software wea= kness types. [5] ImmuniWeb=C2=AE - http://www.htbridge.com/immuniweb/ - is High-Tech Bri= dge's proprietary web application security assessment solution with SaaS de= livery model that combines manual and automated vulnerability testing. ---------------------------------------------------------------------------= -------------------- Disclaimer: The information provided in this Advisory is provided "as is" a= nd without any warranty of any kind. Details of this Advisory may be update= d in order to provide as accurate information as possible. The latest versi= on of the Advisory is available on web page [1] in the References.