what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Geeklog 1.7.1 Cross Site Scripting

Geeklog 1.7.1 Cross Site Scripting
Posted Jan 3, 2011
Authored by Aung Khant | Site yehg.net

Geeklog versions 1.7.1 and below suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | 1b979762b859d905fddef4be41425f3a8b45b94c6c62eb1b21c221875e6e0457

Geeklog 1.7.1 Cross Site Scripting

Change Mirror Download
=========================================================
Geeklog 1.7.1 <= Cross Site Scripting Vulnerability
=========================================================


1. OVERVIEW

The Geeklog was vulnerable to Cross Site Scripting in its
administration backend.


2. BACKGROUND

Geeklog is a PHP/MySQL based application for managing dynamic web content.
"Out of the box", it is a blog engine, or a CMS with support for
comments, trackbacks,
multiple syndication formats, spam protection, and all the other vital
features of such a system.


3. VULNERABILITY DESCRIPTION

User supplied input is not probably sanitized in the "subgroup" and "conf_group"
parameters when the configuration settings are saved in
/admin/configuration.php.
Attackers who manage to get/bypass anti-csrf token (_glsectoken) via
other means can effectively perform XSS against admin users.


4. VERSIONS AFFECTED

1.7.1 and lower


5. PROOF-OF-CONCEPT/EXPLOIT

[Request]

POST /geeklog/admin/configuration.php HTTP/1.1

_glsectoken=&conf_group=Core'"--></script><script>alert(/XSS/)</script>&subgroup='"--></script><script>alert(/XSS/)</script>

[/Request]


6. SOLUTION

Upgrade to 1.7.1sr1


7. VENDOR

Geeklog Development Team
http://www.geeklog.net/


8. CREDIT

This vulnerability was discovered by Aung Khant, http://yehg.net, YGN
Ethical Hacker Group, Myanmar.


9. DISCLOSURE TIME-LINE

2010-12-31: notified vendor
2011-01-02: vendor released fixed version
2011-01-04: vulnerability disclosed


10. REFERENCES

Original Advisory URL:
http://yehg.net/lab/pr0js/advisories/[geeklog1.7.1]_cross_site_scripting
Vendor Advisory: http://www.geeklog.net/article.php/geeklog-1.7.1sr1
About Geeklog: http://www.geeklog.net/docs/english/#introduction
http://stephensclafani.com/2009/05/26/exploiting-unexploitable-xss/
http://kuza55.blogspot.com/2008/02/exploiting-csrf-protected-xss.html

#yehg [2011-01-04]

---------------------------------
Best regards,
YGN Ethical Hacker Group
Yangon, Myanmar
http://yehg.net
Our Lab | http://yehg.net/lab
Our Directory | http://yehg.net/hwd
Login or Register to add favorites

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    6 Files
  • 17
    Jul 17th
    34 Files
  • 18
    Jul 18th
    6 Files
  • 19
    Jul 19th
    34 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close