Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Simplog 0.9.3.2 - Multiple Vulnerabilities

🗓️ 16 Nov 2009 00:00:00Reported by Amol NaikType 
exploitdb
 exploitdb🔗 www.exploit-db.com👁 40 Views

Simplog v0.9.3.2 - Multiple Vulnerabilities, Persistent XSS, CSRF, Unauthorized Comment Deletio

Code
################################################################################
Mutliple Vulnerabilities in Simplog v0.9.3.2

Name Multiple vulnerabilities in Simplog
Systems Affected Simplog 0.9.3.2 and possibly earlier versions
Download http://sourceforge.net/projects/simplog/files/simplog/0.9.3.2/simplog-0.9.3.2.tar.gz/download
Author Amol Naik (amolnaik4[at]gmail.com)
Date 16/11/2009
################################################################################


############
1. OVERVIEW
############

Simplog provides an easy way for users to add blogging capabilities to their existing websites.
Simplog is written in PHP and compatible with multiple databases.
Simplog also features an RSS/Atom aggregator/reader.

###############
2. DESCRIPTION
###############

Simplog is vulnerable to Persistent cross-site scripting, cross-site request forgery and unauthorized comment deletion.

######################
3. TECHNICAL DETAILS
######################

Summery:

(A) Persistent Cross-site Scripting
(B) Cross Site Request Forgery
(C) Edit/Delete Comments (Bypassing Authorization)


(A) Persistent Cross-site Scripting
++++++++++++++++++++++++++++++++++++

Vulnerable page comments.php
Vulnerable Parameters cname, email

When adding a comment for any blog entry, it is possible to add a Persistent XSS payload in "Name" & "Email" parameters due to improper sanitization of the user inputs.

++++
POC
++++

Put this in the comment:

Name: alert("AMol_NAik")
email:">alert("AMol_NAik")


(B) Cross Site Request Forgery
+++++++++++++++++++++++++++++++

Vulnerable Page user.php

This application is vulenrable to CSRF which changes the password of an authenticated user. This is applicable to Admin as well.

++++
POC
++++

http://server/simplog/user.php?pass1=&pass2=&blogid=&act=change


For example, if an authenticated user clicks on the below link, his/her password changes to "AMol_NAik".

http://server/simplog/user.php?pass1=AMol_NAik&pass2=AMol_NAik&blogid=1&act=change


(C) Edit/Delete Comments (Bypassing Authorization)
+++++++++++++++++++++++++++++++++++++++++++++++++++

Vulnerable Page comments.php
Vulnerable Parameters op, cid

The application provides a function to edit n delete the comments to Blog Admin. It is possible for attacker to edit/delete any comment due to improper authorization.

++++
POC
++++

Edit comment: http://server/simplog/comments.php?op=edit&cid=
Delete Comment: http://server/simplog/comments.php?op=del&cid=


############
4. TimeLine
############

03/11/2009 Bug Discovered
03/11/2009 Reported to Vendor
16/11/2009 No response received till the date
16/11/2009 Public Disclosure

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
16 Nov 2009 00:00Current
7.4High risk
Vulners AI Score7.4
simplogvulnerabilitiespersistent xsscsrfunauthorized comment deletionphprss/atomcsrf bypasspublic disclosure
40