
PyroCMS 2.1.1 CRLF Injection And Stored XSS Vulnerability

Medium
Advisory ID
ZSL-2012-5092
Release Date
04 June 2012
Vendor
HappyNinjas Ltd - http://www.pyrocms.com
Affected Version
2.1.1 (Community)
CVE
N/A
Tested On
Microsoft Windows XP Professional SP3 (EN), Apache 2.2.21, PHP 5.3.8, MySQL 5.5.20
Summary

PyroCMS is a CMS built using the CodeIgniter PHP framework. Using an MVC architecture it was built with modularity in mind. Lightweight, themeable and dynamic.

Description

PyroCMS suffers from stored XSS and HTTP response splitting vulnerabilities when parsing user input passed to the 'title' and 'redirect_to' parameters via the POST method through the 'index.php' script. Attackers can exploit these weaknesses to execute arbitrary HTML and script code in a user's browser session or to insert arbitrary HTTP headers, which are included in a response sent to the user.
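
The following PHP is an added example, not code from the advisory and not the vendor's 2.1.2 fix. It shows the two input-handling controls that address these weakness classes: restricting a redirect value before it reaches a response header, and encoding a stored title on output. The helper names and sample values are hypothetical, and it assumes 'redirect_to' ends up in a Location header and 'title' is rendered into HTML.

```php
<?php
// Added example: helper names and sample values are hypothetical, not PyroCMS code.

/**
 * Return a redirect target that is safe to place in a Location header,
 * or the fallback when the value is not a plain site-relative path.
 */
function safe_redirect_target($value, $fallback = '/')
{
    if (!is_string($value) || $value === '') {
        return $fallback;
    }
    // Any control character (CR, LF, NUL, ...) could end the header line early.
    if (preg_match('/[\x00-\x1F\x7F]/', $value)) {
        return $fallback;
    }
    // Accept only site-relative paths: one leading slash, no scheme,
    // no "//host" or "/\host" forms that browsers treat as another origin.
    if (!preg_match('#^/(?![/\\\\])[A-Za-z0-9/_\-.~?&=%]*$#', $value)) {
        return $fallback;
    }
    return $value;
}

/** Encode a stored title for an HTML text or quoted-attribute context. */
function html_escape_title($title)
{
    return htmlspecialchars((string) $title, ENT_QUOTES, 'UTF-8');
}

// Constructed sample values for illustration only.
$samples = array(
    '/admin/pages',                  // site-relative path
    "/admin\r\nX-Constructed: 1",    // contains CR/LF
    '//other.example/path',          // scheme-relative URL
    'http://other.example/',         // absolute URL
);
foreach ($samples as $s) {
    echo json_encode($s), ' => ', safe_redirect_target($s), "\n";
}

// Markup in a stored title is emitted as text, not interpreted by the browser.
echo html_escape_title('Q2 <b>report</b> "draft"'), "\n";
```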

Proof of Concept
Disclosure Timeline
20.05.2012 - Vulnerabilities discovered.
20.05.2012 - Initial contact with the vendor.
20.05.2012 - Vendor responds asking for more details.
20.05.2012 - Sent detailed information to the vendor.
21.05.2012 - Vendor confirms the issues.
22.05.2012 - Asked vendor for status update.
27.05.2012 - Vendor replies.
03.06.2012 - Vendor releases version 2.1.2 to address these issues.
04.06.2012 - Coordinated public security advisory released.
Credits
Vulnerability discovered by Gjoko Krstic
References
Changelog
04.06.2012 - Initial release
05.06.2012 - Added references [5], [6], [7] and [8]
07.06.2012 - Added references [9], [10] and [11]
28.06.2012 - Added reference [12]