Document Title: =============== Anchor v0.6-0.4 CMS - Persistent Web Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=453 Release Date: ============= 2012-02-28 Vulnerability Laboratory ID (VL-ID): ==================================== 453 Product & Service Introduction: =============================== Anchor is a content management system, built especially for art-directed blogs. Intuitively-built Anchor aims to take away any of the extra pains you may recieve from using software. Don’t know when to upgrade? Anchor lets you know. Want to add custom metadata? You got it. Bug-free As is the constantly-developing nature of open-source software, any bugs that get found in Anchor are fixed as soon as they’re spotted. There may be bugs, but they’ll get fixed. A global community Anchor has users and contributors from all around the world, who all do their part to help make Anchor one of the best-maintained open-source projects on the internet. Super-simple theming If you’ve ever used WordPress, you’ll be able to theme Anchor within minutes. Even if you haven’t, it’s not a problem; you only need a basic knowledge of PHP to create powerful themes. A teeny-tiny footprint Unlike the majority of behemoth systems out there, Anchor weighs in at a minuscule 200kb, uncompressed; when zipped, it’s only 155kb — that’s the same size as a normal JPEG image. Aesthetically-gifted Anchor has been professionally-designed to ensure a nice, easy experience. Both the administration area and the site have a well-built design that’s easily extensible. (Copy of the Vendor Homepage: http://anchorcms.com/features) Abstract Advisory Information: ============================== Vulnerability-Lab Team discovered a persistent web vulnerabiliy on Anchors v0.6-0.4 Content Management System. Vulnerability Disclosure Timeline: ================================== 2012-02-22: Public or Non-Public Disclosure Discovery Status: ================= Published Affected Product(s): ==================== Anchor Product: Content Management System 0.6-4-g3e6a0ae Exploitation Technique: ======================= Remote Severity Level: =============== High Technical Details & Description: ================================ A persistent input validation vulnerability is detected Anchors v0.6-0.4 Content Management System. The bug allows remote attackers to implement/inject malicious script code on the application-side (persistent). The bug is located on the username input & output listing for administrators. Successful exploitation of the vulnerability allows remote attackers or local privileged user accounts to manipulate modules/context (persistent) & can result in account steal via session hijacking (user/mod/admin). Vulnerable Module(s): [+] Username Input/Output & Listing Picture(s): ../1.png ../2.png ../3.png Proof of Concept (PoC): ======================= The vulnerability can be exploited by remote attackers with medium required user inter action or via local low privileged user account & low required user inter action. For demonstration or reproduce ...

Editing ">