HackDig : Dig high-quality web security articles for hacker

ImpressPages CMS 3.6 Multiple Vulnerabilities (XSS/SQLi/FD/RCE)

2014-08-13 01:56

Input passed via several parameters is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code, and to execute arbitrary HTML/script code in a user’s browser session in the context of an affected site.

Input passed to the ‘files[0][file]’ parameter in ‘/ip_cms/modules/administrator/repository/controller.php’ is not properly sanitized before being used to delete files. This can be exploited to delete files with the permissions of the web server via directory traversal sequences passed within the affected POST parameter.
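One way to implement the check that the file-deletion issue above lacks, as an added example that is not ImpressPages code and not part of the advisory: each requested name is resolved with realpath() and deleted only if the result stays inside one base directory. The function names, the base directory and the demo files are assumptions constructed for illustration.

```php
<?php
// Added example: resolveInside() and deleteRepositoryFiles() are hypothetical
// names, not functions from ImpressPages.

// Resolve $userPath under $baseDir; return null unless it is an existing
// regular file located inside $baseDir.
function resolveInside(string $baseDir, string $userPath): ?string
{
    $base = realpath($baseDir);
    if ($base === false || $userPath === '' || strpos($userPath, "\0") !== false) {
        return null;
    }
    // realpath() collapses ../ sequences and follows symlinks; false if missing.
    $target = realpath($base . DIRECTORY_SEPARATOR . $userPath);
    if ($target === false || !is_file($target)) {
        return null;
    }
    // The trailing separator stops "/repo" from matching "/repo_backup".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($target, $prefix, strlen($prefix)) === 0 ? $target : null;
}

// Process a files[N][file] style array; anything malformed or outside the
// base directory is rejected instead of being passed to unlink().
function deleteRepositoryFiles(string $baseDir, $files): array
{
    $result = ['deleted' => [], 'rejected' => []];
    $entries = is_array($files) ? $files : [];
    foreach ($entries as $entry) {
        $name = (is_array($entry) && is_string($entry['file'] ?? null)) ? $entry['file'] : null;
        $path = $name === null ? null : resolveInside($baseDir, $name);
        if ($path !== null && unlink($path)) {
            $result['deleted'][] = $name;
        } else {
            $result['rejected'][] = $name;
        }
    }
    return $result;
}

// Constructed demo data: one file inside the base directory, one outside it.
$root = sys_get_temp_dir() . '/ip_demo_' . bin2hex(random_bytes(4));
mkdir($root . '/repo', 0700, true);
file_put_contents($root . '/repo/a.txt', 'inside');
file_put_contents($root . '/outside.cfg', 'must survive');
$post = ['files' => [['file' => 'a.txt'], ['file' => '../outside.cfg']]];
print_r(deleteRepositoryFiles($root . '/repo', $post['files']));
var_dump(file_exists($root . '/outside.cfg'));
unlink($root . '/outside.cfg'); rmdir($root . '/repo'); rmdir($root);
```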

The RCE vulnerability is caused by improper verification of uploaded files in the ‘/ip_cms/modules/developer/config_exp_imp/manager.php’ script, through the ‘manage()’ function (line 65), when importing a configuration file. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script file that will be stored in the ‘/file/tmp’ directory after successful injection. The Developer[Modules exp/imp] permission is required (parameter ‘i_n_2[361]’ = on) for successful exploitation.


Advisories:

ImpressPages CMS v3.6 Multiple XSS/SQLi Vulnerabilities
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5157.php

ImpressPages CMS v3.6 Remote Arbitrary File Deletion Vulnerability
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5158.php

ImpressPages CMS v3.6 manage() Function Remote Code Execution Exploit
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5159.php

Vendor: http://www.impresspages.org/blog/impresspages-cms-3-7-is-mobile-as-never-before/


Source: zeroscience.mk/blog/11/2013/impresspages-cms-3-6-multiple-vulnerabilities-xsssqlifdrce/
