CNVD-2021-15824 Scanner

Detects the 'Cross-Site Scripting (XSS)' vulnerability in EmpireCMS, affecting version 7.5.

Short Info

Level: High
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 15 days 4 hours
Scan only one: URL
Toolbox: -

EmpireCMS is a widely-used content management system, favored by small and medium businesses for its ease of use and comprehensive features. It is designed to help users manage their web content effortlessly, offering a range of functionalities from content creation to publishing. The system is especially popular in regions looking for cost-effective solutions. Developers and web administrators utilize it for projects that require quick deployment and efficient content management. EmpireCMS supports various extensions and plugins, enhancing its versatility. With its straightforward interface, it appeals to users with varying levels of technical expertise.

Cross-Site Scripting (XSS) is a vulnerability that allows attackers to inject malicious scripts into web pages viewed by others. These scripts can be used to steal user information, hijack user sessions, or redirect users to malicious sites. The vulnerability is particularly dangerous as it can be exploited remotely with minimal user interaction. In the context of EmpireCMS, a DOM-based XSS vulnerability allows the injection of scripts through specially crafted URLs. Attackers exploit this by enticing users to click on links containing the malicious payload. Once executed, the script operates with the same privileges as the user viewing the compromised page.

The vulnerability in EmpireCMS lies in the handling of the "url" parameter in certain scripts. On a GET request to the ViewImg index, the parameter is susceptible to injection of JavaScript code: the system does not sanitize the user-supplied value before using it, so arbitrary scripts can execute. The vulnerable endpoint generates markup dynamically from user-controlled input. In particular, the client-side sequence 'if(Request("url")!=0)' followed by 'href=\""+Request("url")+"\"' reads the parameter and concatenates it directly into an href attribute without validation or escaping. Exploiting this, attackers can manipulate the rendered HTML/DOM in users' browsers.
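The parameter flow just described, as an added example that is not EmpireCMS code: the unsafe concatenation is reconstructed as a plain function next to a hardened version that only accepts absolute http(s) URLs and escapes the value before it lands in the attribute. The function names and sample inputs are constructed for this illustration; Request() is the page's helper name, reproduced here with URLSearchParams.

```javascript
// Pattern the page describes: read the "url" query parameter and splice it
// straight into an href attribute. A quote in the value terminates the
// attribute, which is the DOM-XSS sink. (Reconstruction, not the real code.)
function unsafeRender(search) {
  const url = new URLSearchParams(search).get("url") || "";
  return `<a href="${url}">view image</a>`;
}

// Hardened flow, step 1: accept only absolute http(s) URLs. Anything else
// (javascript:, data:, relative paths, garbage) is rejected by returning null.
// new URL() also normalises and percent-encodes quotes, <, > in the query.
function allowedImageUrl(raw) {
  let parsed;
  try {
    parsed = new URL(raw);
  } catch {
    return null;
  }
  if (parsed.protocol !== "http:" && parsed.protocol !== "https:") return null;
  return parsed.href;
}

// Step 2: escape every character that can close an attribute or open a tag,
// so the value can never break out of the href="..." context.
function escapeAttr(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return value.replace(/[&<>"']/g, (c) => map[c]);
}

// Step 3: the page's `!= 0` presence check is replaced by explicit validation;
// rejected input falls back to an inert link instead of the raw value.
function safeRender(search) {
  const raw = new URLSearchParams(search).get("url");
  const href = raw === null ? null : allowedImageUrl(raw);
  if (href === null) return '<a href="#">view image</a>';
  return `<a href="${escapeAttr(href)}">view image</a>`;
}

// Constructed sample input: a legitimate image URL whose query carries a quote.
const SAMPLE = "?url=" + encodeURIComponent('https://example.com/i.png?a=1&b="q"');
```

With SAMPLE, unsafeRender() emits the quote verbatim inside the attribute, while safeRender() yields `href="https://example.com/i.png?a=1&amp;b=%22q%22"`; a `javascript:` value or a relative path is reduced to `href="#"`.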

If exploited, this vulnerability can have severe repercussions such as loss of sensitive information, unauthorized actions performed on behalf of users, and the spread of malware through redirected links. Malicious actors could execute scripts to phish credentials, conduct unauthorized transactions, or propagate XSS worms. Affected sites may see their reputation and user trust eroded if their users are targeted. The potential for automated attacks also raises the risk considerably. Additionally, clean-up and remediation efforts may incur significant costs and operational downtime.
