0day.today - Biggest Exploit Database in the World.
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn
GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Contact us
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Seo Panel 2.2.0 Cookie-Rendered Persistent XSS Vulnerability
['Seo Panel' Cookie-Rendered Persistent XSS Vulnerability (CVE-2010-4331) Mark Stanislav - mark.stanislav@gmail.com I. DESCRIPTION --------------------------------------- A vulnerability exists in 'Seo Panel' page rendering which allows for unfiltered, unencrypted content to be presented to a user through two different cookies. II. TESTED VERSION --------------------------------------- 2.2.0 III. PoC EXPLOIT --------------------------------------- Alter the value of cookies called 'default_news' or 'sponsors' and then view a site page which includes controllers/index.ctrl.php or controllers/settings.ctrl.php that will render the cookies as they exist on the user's machine. IV. NOTES --------------------------------------- * The 'default_news' cookie doesn't require a user to be authenticated whereas 'sponsors' does * The disclosure date was pushed a full month so that a fix could be released but no update was released yet * Based on discussions with the developer, they will likely encrypt the cookie contents to prevent this issue V. SOLUTION --------------------------------------- Upgrade to a release > 2.2.0 when available or otherwise disable cookie rendering. VI. REFERENCES --------------------------------------- http://www.seopanel.in/ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4331 http://www.uncompiled.com/2011/01/seo-panel-cookie-rendered-persistent-xss-vulnerability-cve-2010-4331/ VII. TIMELINE --------------------------------------- 11/24/2010 - Initial vendor disclosure 11/25/2010 - Vendor response and commitment to fix 11/25/2010 - Reply to vendor detailing potential fixes and an adjusted public disclosure date 11/25/2010 - Vendor response confirming desired public disclosure date and agreement to patch method 01/15/2011 - Public disclosure # 0day.today [2024-12-26] #