Pligg Auto-Voter Using XSS to Bypass CSRF Protection

Credit: michaelbrooks
Risk: Low
Local: No
Remote: Yes

CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

Explanation: Pligg suffers from a Reflective Cross Site Scripting vulnerability in index.php, for the $_GET['category'] variable. Exploit code was written that uses this flaw to bypass the CSRF protection to then vote on any Pligg article of the attacker's choosing. I took inspiration from the MySpace Samy worm, utilizing XMLHttpRequest() to read the randomly generated token protecting requests from forgery. This is a more serious attack when combined with my Captcha Implementation Bypass, which allows an attacker to create new user accounts.
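The class of flaw described above beside its fix, as an added example that is not Pligg's source or the advisory author's code. The function names and the assumed category format (a lowercase slug) are hypothetical; only the `category` query parameter comes from the advisory.

```php
<?php
// Added illustration; not Pligg source. Function names and the slug format
// for category values are assumptions.

// Vulnerable pattern: request data is written into the page unencoded, so
// markup supplied in ?category= runs in the site's own origin, where script
// can read the per-request anti-CSRF token out of any same-origin response.
function render_category_unsafe(array $query): string
{
    $category = $query['category'] ?? '';
    return '<h2>Category: ' . $category . '</h2>';
}

// Hardened step 1: accept only the expected shape of a category value.
function clean_category(array $query): ?string
{
    $raw = $query['category'] ?? '';
    if (!is_string($raw) || !preg_match('/\A[a-z0-9][a-z0-9_-]{0,63}\z/', $raw)) {
        return null; // rejects arrays (?category[]=x), markup, overlong input
    }
    return $raw;
}

// Hardened step 2: encode for the HTML context even after validation, so a
// later loosening of the pattern does not reopen the hole.
function render_category_safe(array $query): string
{
    $category = clean_category($query);
    if ($category === null) {
        return '<h2>Unknown category</h2>';
    }
    $encoded = htmlspecialchars($category, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<h2>Category: ' . $encoded . '</h2>';
}

// Constructed sample inputs: a valid slug, harmless markup, an array, none.
$samples = [
    ['category' => 'security'],
    ['category' => '<b>markup</b>'],
    ['category' => ['nested']],
    [],
];
foreach ($samples as $query) {
    echo render_category_safe($query), PHP_EOL;
}
// The unsafe renderer passes the markup through untouched:
echo render_category_unsafe(['category' => '<b>markup</b>']), PHP_EOL;
```

A CSRF token only stops cross-origin forgery; once script runs same-origin the token is readable, so the output encoding is what actually protects the vote action.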

