[KAPDA::#31] - Runcms 1.x Cross_Site_Scripting vulnerability in bigshow.php

KAPDA New advisory

Vulnerable products : Runcms 1.x 
Vendor:  www.runcms.org
Risk: Low 
Vulnerabilities: Cross_Site_Scripting
Discoverd by Roozbeh Afrasiabi
roozbeh[at]yahoo[dot]com
www.kapda.ir
www.persiax.com


Date :
--------------------
Found : N/A
Vendor Contacted : N/A

About :
--------------------
"Runcms Includes most things a webmaster would expect from a cms: downloads,links, tutorials section, polls, forums, news, faq, contact form,rss feeds,file uploads, blogging via xml-rpc, & more. Possibility to manage users as
groups with module/block specific access permissions, and extend functioa-lity via 3rd party module plug-ins. Has a simple yet good themability. 
Easy enough to use for users, while staying simple enough to extend & customize for coders." (from runcms.org) 


Vulnerability:
--------------------
Cross_Site_Scripting :

RUNCMS is affected by a  cross-site scripting  vulnerability. This issue is due to the failure of the application to properly sanitize user-
supplied input.

As a result of this vulnerability, it is possible for a remote attacker to create a malicious link containing script code that will be executed in the browser of an unsuspecting user when followed. 


Detail and PoC :
--------------------

The application does not validate the "id" variable upon submission
to bigshow.php.

[target]/modules/downloads/bigshow.php?id=[url of an image]'>[code]


Solution :
--------------------
N/A


Original Advisory :
--------------------
http://www.kapda.ir/advisory-280.html



Credit :
--------------------
Discoverd by Roozbeh Afrasiabi
roozbeh_afrasiabi[at]yahoo.com
Kapda
Security Science Researchers Insitute
www.kapda.ir
www.persiax.com