===========================================================
Vulnerable Software: KubeLance 1.8.0
Official Site: kubelabs.com
===========================================================
Vuln Desc:
KubeLance 1.8.0 suffers from multiple CSRF and XSS + HTML injection vulnerabilities.
Below I'll show you ONLY CSRF exploitation, but mixing it with an XSS payload is possible and exploitable.
(To exploit CSRF + XSS, simply change the forms and the corresponding values to an XSS payload, that's all.)
===========================================================
Using the CSRF vuln in this situation:
Possible #1: forcing the admin to log out:
http://demos.kubelabs.com/kubelance/adm/logout.php
Possible #2: changing the admin user name + password:
adm/admin_edit.php?id=1
Possible #3: clearing the logs:
/adm/log_viewer.php?clear=1
etc.
===========================================================
/* Will affect */
If a currently logged-in admin visits a crafted page which contains the POC code, they will be pwned ASAP.
===========================================================
Demo: http://demos.kubelabs.com/kubelance/
Just one POC:
============================== BEGIN OF PROOF OF CONCEPT EXPLOIT ===================================
KubeLance 1.8.0 CSRF exploitation POC

KubeLance 1.8.0 CSRF ADD ADMIN POC

============================== END OF PROOF OF CONCEPT EXPLOIT ===================================
Note1: Previous versions may also be affected, but I have not tested them.
Note2: In the wild: I found a site which uses the Kubelance CMS whose *includes/config.php* says it is:
$config['version'] = '2.0';
6149742 -rw-r--r-- 1 ************** apache 2854 Apr 9 2010 config.php
Version 2 (but I can't find that exact version on the vendor site).
Just note: that version ($config['version'] = '2.0';) is prone to PHP code execution: the signup First name and Last name sections (input boxes) can be injected with PHP code. On submit this gives an error, and as a result the PHP code executes on the server side:
http://s019.radikal.ru/i618/1203/14/0ab995b456cd.png
Beware: anyone who uses that version: update your software ASAP and check your site for backdoors; change all your configs, cPanel, FTP and email passwords, and never use the same passwords everywhere.
My apologies to the Kubelance guys: while testing it online (http://demos.kubelabs.com/kubelance/) I took it down by mistake :D Sorry 1000 times for this :(
Peace
/AkaStep ^_^
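As an added example (not KubeLance's own code, and not part of the advisory), the server-side check that would close the three CSRF cases listed above (forced logout, admin_edit.php, log_viewer.php?clear=1): a per-session synchronizer token that every state-changing admin form must carry, a refusal to perform state changes on GET requests, and HTML escaping of anything echoed back into the page (the XSS/HTML-injection side). All function names and the file layout are hypothetical.

```php
<?php
// Added example, not KubeLance code: CSRF token handling for admin actions.
// Function names (csrf_token, csrf_field, csrf_verify, require_csrf, esc)
// and the file names in the comments are hypothetical.

declare(strict_types=1);

if (session_status() === PHP_SESSION_NONE) {
    session_start();
}

// Escape a value for insertion into HTML; use this for every echoed
// user-controlled string (names, log lines, form values).
function esc(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Return the per-session CSRF token, creating it on first use.
// 32 random bytes from the CSPRNG, hex encoded (64 characters).
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Hidden input to embed in every admin form that changes state.
function csrf_field(): string
{
    return '<input type="hidden" name="csrf_token" value="' . esc(csrf_token()) . '">';
}

// Decide whether a state-changing request may proceed.
//  - GET is rejected outright, so a link such as log_viewer.php?clear=1
//    (or an <img src=...> pointing at it) can never clear the logs.
//  - The submitted token must match the session token; hash_equals()
//    compares in constant time so the check does not leak by timing.
function csrf_verify(string $method, array $post, ?string $sessionToken): bool
{
    if ($method !== 'POST') {
        return false;
    }
    if ($sessionToken === null || $sessionToken === '') {
        return false;
    }
    $submitted = $post['csrf_token'] ?? '';
    return is_string($submitted) && hash_equals($sessionToken, $submitted);
}

// Call at the top of adm/logout.php, adm/admin_edit.php, adm/log_viewer.php
// (hypothetical paths) before any state is touched; stops with 403 otherwise.
function require_csrf(): void
{
    $ok = csrf_verify(
        $_SERVER['REQUEST_METHOD'] ?? 'GET',
        $_POST,
        $_SESSION['csrf_token'] ?? null
    );
    if (!$ok) {
        http_response_code(403);
        exit('Invalid or missing CSRF token');
    }
}
```

In each admin form, echo csrf_field() inside the <form method="post"> so the token travels with the request, and call require_csrf() as the first statement of the handler that performs the action. Setting the session cookie with the SameSite attribute is a complementary defence, but it does not replace the token check, since it depends on browser support and does not stop same-site injection.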