# Exploit Title: Persistent Cross Site Scripting Vulnerability In JAF-CMS ver 4.0_RC_2
# Google Dork: Site engine powered by JAF-CMS
# Date: 9 January 2011
# Author: Akastep
# Software Link: http://jaf-cms.sourceforge.net/
# Version: JAF-CMS ver 4.0_RC_2 (the vulnerability may exist in older versions too)
# Tested on: FreeBSD 7.1-PRERELEASE ~~~ PHP Version 5.2.11 ~~ JAF-CMS ver 4.0_RC_2

####################################################################################

JAF CMS - ...just another flat file CMS, is a Content Management System (CMS) consisting of a powerful set of PHP scripts that allow you to maintain a personal home page in an easy way. There is no need for a database. The pages are stored in simple flat files.
http://jaf-cms.sourceforge.net/

####################################################################################

A Persistent Cross Site Scripting vulnerability exists in the forum section of JAF-CMS ver 4.0_RC_2:

An attacker using this vulnerability can compromise the site. He/she can deface the site, or can steal the admin's cookie credentials and then, using the stolen cookie plus a minibrowser, log in to the system as admin. :(

Exploitation:

Go to the JAF-CMS forum section, for example:
ht*p://

Open a new thread and simply inject your evil JavaScript scenario, for ex: in the body of the topic being created, and post the topic. After this, try to access that topic. The XSS will occur.

The more dangerous fact about this vulnerability is this: if the site admin is logged in to his 'box' using:
ht*p:// <= page

and then tries to access, via Administration panel => Mod Manager => Forum (Topic management section):
ht*p://

the cookies will be stolen automatically.) This means there is no need for hard social engineering methods with this vulnerability.
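The root cause described above is a forum topic body that is stored and later emitted into HTML unchanged, so every reader's browser (including the admin's in Mod Manager) runs it. The following is an added defender-side example, not JAF-CMS code and not from the advisory's author: the unsafe rendering pattern beside an output-escaped version, plus the HttpOnly session-cookie setting that blunts the cookie-theft step. All function and variable names are hypothetical, the sample post is constructed, and PHP 7 or later is assumed.

```php
<?php
// Added example, not JAF-CMS code. Names are hypothetical.

// Constructed sample of a stored topic after someone saved a script tag
// into the body (the stored/persistent XSS case the advisory describes).
$storedTitle = 'Hello everyone';
$storedBody  = 'Nice forum <script>alert(1)</script>';

// Vulnerable rendering: the stored values go into the HTML verbatim,
// so the script executes for every visitor who opens the topic.
function render_topic_unsafe(string $title, string $body): string {
    return "<h2>$title</h2>\n<div class=\"post\">$body</div>\n";
}

// Hardened rendering: every untrusted value is HTML-escaped at output
// time. ENT_QUOTES also escapes ' and " so the same helper is safe inside
// attribute values, and the explicit charset avoids encoding tricks.
function esc(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

function render_topic_safe(string $title, string $body): string {
    return "<h2>" . esc($title) . "</h2>\n"
         . "<div class=\"post\">" . esc($body) . "</div>\n";
}

// Second layer for the cookie-theft step: an HttpOnly (and Secure) session
// cookie is not readable via document.cookie, so even a script that does
// run cannot hand the admin session to a third party. Must be called before
// any output is sent.
function start_admin_session(): void {
    // lifetime, path, domain, secure, httponly
    session_set_cookie_params(0, '/', '', true, true);
    session_start();
}

// Demonstration (run from the CLI): the unsafe output contains a live
// <script> tag, the safe output contains only &lt;script&gt; text.
echo "--- unsafe ---\n" . render_topic_unsafe($storedTitle, $storedBody);
echo "--- safe ---\n"   . render_topic_safe($storedTitle, $storedBody);
```

The same escaping must be applied everywhere a stored post is printed, including the admin-side Topic management view, since that is the page the advisory identifies as the one that exposes the admin's session.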
A print screen of a successful attack result can be found here: http://qovluq.biz/uploads/sh1.png

/AkaStep 4:36 09.01.2011
WwW.AzHACk.CoM
WwW.PiRaTes-CrEw.org
WwW.AzDeFaCeRs.Org
Fiery greetings to Azerbaijan)

####################################################################################
Allahu Akbar!
####################################################################################