← Advisories

SiNG cms 2.9.0 (email) Remote XSS POST Injection Vulnerability

Medium
Advisory ID
ZSL-2012-5097
Release Date
23 August 2012
Vendor
Simple Network Gear - http://www.sing-cms.ru
Affected Version
2.9.0
CVE
N/A
Tested On
Microsoft Windows 7 Ultimate SP1 (EN), Apache 2.4.2 (Win32), PHP 5.4.4, MySQL 5.5.25a
Summary

SiNG cms is a free modular Content Management System open source, based on a bunch of PHP / MySQL and intended use of the web server Apache.

Description

The application is prone to a reflected cross-site scripting vulnerability due to a failure to properly sanitize user-supplied input to the 'email' POST parameter in the 'password.php' script. Attackers can exploit this weakness to execute arbitrary HTML and script code in a user's browser session.

Proof of Concept
singcms_xss.htmlTXT
Disclosure Timeline
20.08.2012Vulnerability discovered.
20.08.2012Initial contact with the vendor.
22.08.2012No response from the vendor.
23.08.2012Public security advisory released.
23.08.2012Vendor releases version 2.9.1 to address this issue.
Credits
Vulnerability discovered by Gjoko Krstic
References
[1]http://packetstormsecurity.org/files/115812
[2]http://cxsecurity.com/issue/WLB-2012080211
[3]http://secunia.com/advisories/50378/
[4]http://sing-cms.ru/forum/bugs/uyazvimost-bazovogo-modulya-do-2-9-0-vklyuchitelno
[5]http://www.securityfocus.com/bid/55168
[6]http://forums.cnet.com/7726-6132_102-5350861.html
[7]http://www.securelist.com/en/advisories/50378
[8]http://xforce.iss.net/xforce/xfdb/77952
[9]http://www.osvdb.org/show/osvdb/84864
Changelog
23.08.2012Initial release
24.08.2012Added reference [5], [6] and [7]
26.08.2012Added reference [8] and [9]