Reflected Cross-Site Scripting (XSS) in SilverStripe CMS & Framework
Affected Vendor
SilverStripe
Status
Fixed
Date
Nov 5, 2015

High Severity
Description
A cross-site scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user’s browser while the browser is connected to a trusted web site. The attack targets your users and not the application itself, but it uses your application as the vehicle for the attack. In SilverStripe CMS & Framework v3.2.0, the XSS payload is executed when the user tries to modify the value of either of the following two variables, which are listed below along with screenshots for better understanding.
1. Locale
2. FailedLoginCount
Proof of concept (PoC)
Issue 1: The Locale variable in the POST request of the new member form is vulnerable to XSS.
Figure 1: XSS payload was injected in the Locale variable.
Figure 2: Injected payload was executed in the browser
Issue 2: The FailedLoginCount variable in the POST request of the new member form is vulnerable to XSS.
Figure 01: XSS payload is injected in the Locale variable.
Figure 02: Injected payload was executed in the browser
Impact
∙ User’s session cookie & end-user files disclosure.
∙ Hijack the user’s session & take over the account.
∙ Installation of Trojan horse programs.
∙ Redirection of the user to some other page or site.
∙ Modification to the presentation of content.
Remediations
Download the patch release advised by the vendor.
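An added example, not SilverStripe's code or the vendor's patch, of the general defence for the two fields named above: validate Locale and FailedLoginCount server-side and HTML-encode any submitted value that is echoed back into the form. The function names, the locale pattern and the sample POST values are assumptions constructed for illustration.

```php
<?php
// Added example: not SilverStripe's code or its patch. Function names, the
// locale pattern and the sample input are constructed for illustration.

/** Accept only locale identifiers shaped like "en_US"; otherwise null. */
function clean_locale(string $raw): ?string
{
    return preg_match('/\A[a-z]{2,3}_[A-Z]{2}\z/', $raw) === 1 ? $raw : null;
}

/** Accept only a non-negative decimal integer; otherwise null. */
function clean_failed_login_count(string $raw): ?int
{
    $n = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    return $n === false ? null : $n;
}

/** Encode a value for HTML text and quoted-attribute contexts. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Re-render one form field, reflecting the submitted value in encoded form. */
function render_field(string $name, string $submitted, bool $valid): string
{
    $error = $valid ? '' : '<span class="error">Invalid value for ' . h($name) . '</span>';
    return '<input type="text" name="' . h($name) . '" value="' . h($submitted) . '">' . $error;
}

// Constructed POST body resembling a tampered new-member form submission.
$post = [
    'Locale'           => '"><script>alert(1)</script>',
    'FailedLoginCount' => '0"><img src=x onerror=alert(1)>',
];

// Validation decides whether the value is stored; both samples are rejected.
$locale = clean_locale($post['Locale']);
$count  = clean_failed_login_count($post['FailedLoginCount']);

// Encoding decides how the value is displayed: markup characters become
// entities, so the browser shows the text instead of parsing it as HTML.
echo render_field('Locale', $post['Locale'], $locale !== null), "\n";
echo render_field('FailedLoginCount', $post['FailedLoginCount'], $count !== null), "\n";
```

Validation and encoding are independent layers: a value that passes validation is still encoded on output, and a rejected value is never written to the member record.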
Timeline
Nov 05, 2015: Vulnerability in SilverStripe CMS & Framework disclosed and reported
Nov 11, 2015: Vendor Response
Nov 16, 2015: Vendor Released Fix
Dec 12, 2015: Publicly disclosed
Dec 17, 2015: CVE Assigned
Discovered by
Cyber Security Works Pvt. Ltd.
- Affected Vendor: SilverStripe
- Bug Name: Reflected Cross-Site Scripting (XSS)
- CVE Number: CVE-2015-8606
- CWE ID: CWE-79
- CSW ID: 2015-CSW-09-1009
- CVSSv3 Score: 6.1
- Affected Version: 3.2.0
- Severity: High
- Affected Product: SilverStripe


