CVE-2012-5388

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus

SecuriTeam™
Beyond Security®

SecuriTeam™ Home
Ask the Team
Mailing Lists
Advertising Info
Blogs

	SecuriTeam™ in Your Inbox

	E-mail this CVE-2012-5388 to a friend

New vulnerability?
New tool?
Tell us

Credit:
The information has been provided by pcsjj.

Website Security Scan	Code Vulnerability Test	Network Assessment Tool
Detect hidden vulnerabilities	Exhaustive automated testing	Real-time, continuous security
Get guidance from professionals	of internal or 3rd party code.	scanning for your entire network

Check for CVE-2012-5388

Vulnerability Assessment and Management.
Automated Pen Testing for 50 to 50,000 nodes
beyondsecurity.com/vulnerability-scanner

Vulnerable Systems:
* White Label CMS 1.5 and prior

Exploiting these issues may allow a remote attacker to perform certain administrative actions, gain unauthorized access to the affected application, execute arbitrary script or HTML code within the context of the browser, and steal cookie-based authentication credentials. Other attacks are also possible.

An attacker can exploit HTML-injection issues through a browser. To exploit the cross-site request-forgery issue the attacker must entice an unsuspecting victim into viewing a malicious webpage.

The following exploit is available:
<html>
<title>White Label CMS CSRF</title>
<body>
<img src='http://www.example.com/wordpress/wp-admin/admin.php?page=wlcms-plugin.php&action=save&wlcms_o_developer_name="><script>alert("fun")</script><div"'>
</body>
</html>

CVE Information:
CVE-2012-5387
CVE-2012-5388

Disclosure Timeline:
Published: Oct 21 2012 12:00AM
Updated: Oct 21 2012 12:00AM

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus