Zero Science Lab » Pointter PHP Content Management System 1.2 Multiple Vulnerabilities

Pointter PHP Content Management System 1.2 Multiple Vulnerabilities

Title: Pointter PHP Content Management System 1.2 Multiple Vulnerabilities
Advisory ID: ZSL-2011-5002
Type: Local/Remote
Impact: Cross-Site Scripting, System Access, Exposure of System Information, Exposure of Sensitive Information, Manipulation of Data
Risk: (3/5)
Release Date: 16.03.2011

Summary

Pointter PHP Content Management System is an advanced, fast and user friendly CMS script that can be used to build simple websites or professional websites with product categorization, product blogs, member login and search modules. The webmaster can create unlimited static page boxes, static pages, main categories, sub categories and product pages.

Description

Pointter CMS suffers from multiple vulnerabilities (post-auth) including: Stored XSS, bSQLi, LFI, Cookie Manipulation, DoS.

Vendor

PangramSoft GmbH - http://www.pointter.com

Affected Version

1.2

Tested On

Microsoft Windows XP Professional SP3 (EN)
Apache 2.2.14 (Win32)
PHP 5.3.1
MySQL 5.1.41

Vendor Status

N/A

PoC

pointtercms_xss.txt

Credits

Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>

References

[1] http://www.exploit-db.com/exploits/16987/
[2] http://www.securityfocus.com/bid/46894
[3] http://packetstormsecurity.org/files/99388
[4] http://secunia.com/advisories/43778/
[5] http://securityreason.com/wlb_show/WLB-2011030069
[6] http://xforce.iss.net/xforce/xfdb/66114
[7] http://xforce.iss.net/xforce/xfdb/66115
[8] http://xforce.iss.net/xforce/xfdb/66116
[9] http://forums.cnet.com/7726-6132_102-5101477.html
[10] http://www.securelist.com/en/advisories/43778
[11] http://osvdb.org/show/osvdb/71194
[12] http://osvdb.org/show/osvdb/71195
[13] http://osvdb.org/show/osvdb/71196
[14] http://osvdb.org/show/osvdb/71197
[15] http://osvdb.org/show/osvdb/71198

Changelog

[16.03.2011] - Initial release
[17.03.2011] - Added reference [4], [5], [6], [7] and [8]
[22.03.2011] - Added reference [9], [10], [11], [12], [13], [14] and [15]

Contact

Zero Science Lab

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk