Realtyna RPL 8.9.2 Joomla Extension Persistent XSS And CSRF Vulnerabilities
Title: Realtyna RPL 8.9.2 Joomla Extension Persistent XSS And CSRF Vulnerabilities
Advisory ID: ZSL-2015-5271
Type: Local/Remote
Impact: Cross-Site Scripting
Risk: (3/5)
Release Date: 22.10.2015
PHP/5.4.38
[06.10.2015] CVE-2015-7714 and CVE-2015-7715 assigned.
[07.10.2015] Contact with the vendor.
[07.10.2015] Vendor responded asking for details.
[07.10.2015] Advisory and details sent to the vendor.
[08.10.2015] Vendor confirms the vulnerability scheduling patch release date.
[21.10.2015] Vendor releases version 8.9.5 to address these issues.
[22.10.2015] Coordinated public security advisory released.
High five to lqwrm and crash!
[2] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7715
[3] https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7715
[4] https://cxsecurity.com/issue/WLB-2015100148
[5] https://www.exploit-db.com/exploits/38528/
[6] https://packetstormsecurity.com/files/134067
[24.10.2015] - Added reference [4], [5] and [6]
Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk
Advisory ID: ZSL-2015-5271
Type: Local/Remote
Impact: Cross-Site Scripting
Risk: (3/5)
Release Date: 22.10.2015
Summary
Realtyna CRM (Client Relationship Management) Add-on for RPL is a Real Estate CRM specially designed and developed based on business process and models required by Real Estate Agents/Brokers. Realtyna CRM intends to increase the Conversion Ratio of the website Visitors to Leads and then Leads to Clients.Description
The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site. Multiple cross-site scripting vulnerabilities were also discovered. The issue is triggered when input passed via the multiple parameters is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.Vendor
Realtyna LLC - https://www.realtyna.comAffected Version
8.9.2Tested On
ApachePHP/5.4.38
Vendor Status
[05.10.2015] Vulnerability discovered.[06.10.2015] CVE-2015-7714 and CVE-2015-7715 assigned.
[07.10.2015] Contact with the vendor.
[07.10.2015] Vendor responded asking for details.
[07.10.2015] Advisory and details sent to the vendor.
[08.10.2015] Vendor confirms the vulnerability scheduling patch release date.
[21.10.2015] Vendor releases version 8.9.5 to address these issues.
[22.10.2015] Coordinated public security advisory released.
PoC
realtyna_xsscsrf.txtCredits
Vulnerability discovered by Bikramaditya Guha - <bik@zeroscience.mk>High five to lqwrm and crash!
References
[1] http://rpl.realtyna.com/Change-Logs/RPL7-Changelog[2] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7715
[3] https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7715
[4] https://cxsecurity.com/issue/WLB-2015100148
[5] https://www.exploit-db.com/exploits/38528/
[6] https://packetstormsecurity.com/files/134067
Changelog
[22.10.2015] - Initial release[24.10.2015] - Added reference [4], [5] and [6]
Contact
Zero Science LabWeb: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk
