CMS Balitbang Depdiknas version 3.4 suffers from a cross site scripting / html injection vulnerability.
============================================
CMS Balitbang Depdiknas v3.4 HTML Injection
============================================
:----------------------------------------------------------------------------------------------------:
: # Exploit Title : CMS Balitbang Depdiknas v3.4 HTML Injection
: # Date : 30 September 2012
: # Author : xevil
: # Google Dork : inurl:'.sch.id' intext:'Balitbang Depdiknas versi 3.4'
: # Category : Website Page Vulnerability
: # Vulnerability : Textarea HTML Injection
: # Greetz to : BogorHackers Community @http://bogorhacker.net
:----------------------------------------------------------------------------------------------------:
Summary
================
Ministry Balitbang CMS v3.4 is a Content Management System (CMS) used to build web-based education sites.
Description
================
The CMS has a weakness in an index file in the member directory, whose purpose is to change the appearance of the page using CSS. The weakness allows a member to manipulate the textarea in which the CSS is written.
Proof of Concept
================
1. Log in to the member page, then go to the link Costumes Theme
2. Note the CSS textarea that contains the script:
---------------------------------------------------------------------
body { /* background image */
font-family: "Arial", serif;
font-size: 76%;
margin-top: 0px;
color: #666666;
background: #fff url(back.jpg) repeat-x;
}
#content { /* width web layout middle */
width: 900px;
margin-left: auto;
margin-right: auto;
background-color: #FFFFFF;
}
---------------------------------------------------------------------
3. By adding the tag </style> at the end, we can enter HTML or JavaScript underneath it.
4. After that, click on the save button
[+]---------------------------------- [ xevil ] -------------------------------[+]
If successful, you will see your file was successfully executed on the page.
----------------------------------------------------------------------------------
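Mitigation sketch for the theme textarea described above. This is an added example, not code from the CMS or from the advisory: a server-side check, run when the theme is saved, that rebuilds the member's CSS from allow-listed parts so that nothing able to close the style element is ever stored. It is written in Python for illustration; the function name, the exception class and the sample input are assumptions.

```python
import re

# Constructed sample: the default theme CSS from step 2, abridged.
SAMPLE_CSS = """body { /* background image */
font-family: "Arial", serif;
color: #666666;
background: #fff url(back.jpg) repeat-x;
}
#content { width: 900px; margin-left: auto; }
"""

COMMENT = re.compile(r"/\*.*?\*/", re.S)
RULE = re.compile(r"([^{}]+)\{([^{}]*)\}")
# Allow-lists: "<", ">" and "\" never match, so "</style>" cannot survive;
# values also exclude ":", which limits url() to relative paths.
SELECTOR_OK = re.compile(r"[#.\w\s,:*-]+")
PROPERTY_OK = re.compile(r"[a-z-]+")
VALUE_OK = re.compile(r"[\w\s#%.,\"'()/-]+")

class UnsafeCss(ValueError):
    pass

def sanitize_theme_css(text):  # hypothetical name
    """Rebuild member CSS from allow-listed parts or raise UnsafeCss."""
    body = COMMENT.sub("", text)  # comments are dropped, never echoed back
    rules, pos = [], 0
    for m in RULE.finditer(body):
        if body[pos:m.start()].strip():
            raise UnsafeCss("text outside a rule")
        pos = m.end()
        selector = " ".join(m.group(1).split())
        if not SELECTOR_OK.fullmatch(selector):
            raise UnsafeCss("selector: %r" % selector)
        decls = []
        for decl in m.group(2).split(";"):
            if not decl.strip():
                continue
            prop, sep, value = decl.partition(":")
            prop, value = prop.strip().lower(), " ".join(value.split())
            if not (sep and PROPERTY_OK.fullmatch(prop)
                    and VALUE_OK.fullmatch(value)
                    and "expression" not in value.lower()):
                raise UnsafeCss("declaration: %r" % decl.strip())
            decls.append("  %s: %s;" % (prop, value))
        rules.append(selector + " {\n" + "\n".join(decls) + "\n}")
    if body[pos:].strip():
        raise UnsafeCss("text outside a rule")  # e.g. markup after the last "}"
    return "\n".join(rules)
```

Store and serve only the returned string; a submission that raises UnsafeCss should be refused rather than saved with the offending part stripped.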