CVE-2014-9562 OptimalSite Content Management System (CMS) XSS (Cross-Site Scripting) Web Security Vulnerabilities
Exploit Title: OptimalSite CMS /display_dialog.php image Parameter XSS Web Security Vulnerability
Vendor: OptimalSite
Product: OptimalSite Content Management System (CMS)
Vulnerable Versions: V.1 V2.4
Tested Version: V.1 V2.4
Advisory Publication: January 24, 2015
Latest Update: January 31, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-9562
Impact CVSS Severity (version 2.0):
CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)
Impact Subscore: 2.9
Exploitability Subscore: 8.6
CVSS Version 2 Metrics:
Access Vector: Network exploitable; Victim must voluntarily interact with attack mechanism
Access Complexity: Medium
Authentication: Not required to exploit
Impact Type: Allows unauthorized modification
Credit: Jing Wang [School of Physical and Mathematical Sciences, Nanyang Technological University (NTU), Singapore] (@justqdjing)
Suggestion Details:
(1) Vendor & Product Description
Vendor:
OptimalSite
Product & Version:
OptimalSite Content Management System (CMS)
V.1
V2.4
Vendor URL & Download:
The product can be obtained from here,
http://www.optimalsite.com/en/
Product Description Overview:
"Content management system OptimalSite is an online software package that enables the management of information published on a website. OptimalSite consists of the system core and integrated modules, which allow expanding website possibilities and functionality. You may select a set of modules that suits your needs best.
Website page structureWebsite page structure is presented in a tree structure similar to Windows Explorer, so that several page levels can be created for each item on the menu. The website's structure itself can be easily edited: you can create new website pages, delete unnecessary ones, and temporarily disable individual pages.
Website languagesOptimalSite may be used to create a website in different languages, the number of which is not limited. Different information may be presented in each separate language and the structure of pages in each language may also differ.
WYSIWYG (What You See Is What You Get) text editorUsing this universal text editor makes posting and replacing information on the website effortless. Even a minimum knowledge of MS Word and MS Excel will make it easy to use the tools of WYSIWYG text editor and implement your ideas.
Search function in the systemBy using search function system’s administrator is able to find any information that is published in administrative environment. It is possible to execute a search in the whole system and in separate its’ modules as well.
Recycle bin functionSystem administrator is able to delete useless data. All deleted data is stored in recycle bin, so administrator can restore information anytime. "
(2) Vulnerability Details:
OptimalSite web application has a computer security bug problem. It can be exploited by stored XSS attacks. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.
Several other the similar product 0-day vulnerabilities have been found by some other bug hunter researchers before. OptinalSite has patched some of them. "Openwall software releases and other related files are also available from the Openwall file archive and its mirrors. You are encouraged to use the mirrors, but be sure to verify the signatures on software you download. The more experienced users and software developers may use our CVSweb server to browse through the source code for most pieces of Openwall software along with revision history information for each source file. We publish articles, make presentations, and offer professional services." Openwall has published suggestions, advisories, solutions details related to XSS vulnerabilities.
(2.1) The code programming flaw occurs at "&image" parameter in "display_dialog.php" page.
References:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9562
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9562
https://www.mail-archive.com/fulldisclosure%40seclists.org/msg01646.html
http://lists.openwall.net/full-disclosure/2015/02/02/3
http://static-173-79-223-25.washdc.fios.verizon.net/?a=139222176300014&r=1&w=2
http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1546
http://japanbroad.blogspot.sg/2015/05/cve-2014-9562-optimalsite-content.html
http://tetraph.blog.163.com/blog/static/234603051201541082835108/
https://www.facebook.com/permalink.php?story_fbid=1025716320801705&id=922151957824809
https://twitter.com/yangziyou/status/597377123976785920
https://plus.google.com/110001022997295385049/posts/7rNn4ynjzRP
http://itsecurity.lofter.com/post/1cfbf9e7_6e96648
http://securitypost.tumblr.com/post/118602594462/cve-2014-9562-optimalsite-content-management