Tuesday, 31 July 2012

Elfet - ElfChat 5.1.2 Pro XSS + HTML Inject on Admin / Site Settings

+---------------------------------------------------------------------------------------------------------------------------------------------------+
# Exploit Title  : Elfet - ElfChat 5.1.2 Pro XSS + HTML Inject on Admin / Site Settings
# Date                    : 2012-07-31
# Vulnerability  : http://www.Site.tld/chat/admin/settings.php?33dca4953ec77be27e393b32938807e7/YWFjdD1tYWlu
# Vulnerability2  : http://www.site.tld/chat/admin/users.php?ef2e8f2d2d3ff1bba659b81b9fc62b94/YWZpbHRyPWFsbHVzZXJzJmNydWRfYWN0PWNyZWF0ZQ--
# Author                        : Avatar Fearless
# Software link  : http://community.elfchat.net/files/download/4-elfchat-5-demo/
# Official Site  : http://elfchat.net/
# Version                  : 5.1.2 Pro (Updated)
# Tested on              : Windows 7 Ultimate x32
# Original Advisory : http://thefear.in/elfchatvuln2.txt ||
# Contact                  : avatar@hiphopfan.com || avatar_legends@live.com/@mail.ru
# Web Sites              : http://anti-armenia.org/ || http://millikuvvetler.net/ || http://mexfi.org/
+---------------------------------------------------------------------------------------------------------------------------------------------------+
[+] Vulnerable :
http://www.Site.tld/chat/admin/settings.php
[-] Exploit :
In the "Admin" case you can do everything with settings.php!
[?] About :
For More Info Contact me.
[#] Description :
I found 2 vulnerabilities in this CMS. First of all, this is the updated version. This vulnerability is not in signup.php. It affects /admin/.
[$] Information About This Vulnerability + Exploiting.
Let's take a moment. What is this URL?
http://www.Site.tld/chat/admin/settings.php?33dca4953ec77be27e393b32938807e7/YWFjdD1tYWlu
This is Settings. Right! Our vulnerability is in /admin/settings.php: the problem is in the "Title" field.
In Title we can use any JavaScript code (e.g. "<script>alert(1);</script>")
http://s14.postimage.org/n1ldbshsw/elfchatvuln2.jpg
And we get an HTML injection.
(EX : "<h1>Owned</h1>")
http://s14.postimage.org/es4wjmyow/elfchatvuln.jpg
You see, it is that easy. I mean the injected JS + HTML is not encoded; it is output exactly as entered. This means it is easy to build an XSRF
and take cookies. And this will be easy because we don't have any PM, and that's why you will send the link. The admin or other users will click
on this link and I will get the cookie :D . So genius ;)
Now let's talk about the other vulnerability, in "Create another Person". This vulnerability affects:
http://www.site.tld/chat/admin/users.php?ef2e8f2d2d3ff1bba659b81b9fc62b94/YWZpbHRyPWFsbHVzZXJzJmNydWRfYWN0PWNyZWF0ZQ--
Here the admin can put in any JS source code. So we get another XSS in
http://www.site.tld/chat/admin/users.php?ef2e8f2d2d3ff1bba659b81b9fc62b94/YWZpbHRyPWFsbHVzZXJzJmNydWRfYWN0PWNyZWF0ZQ--
Create a new Person =)
[@]
Respect To :
All My Bro*S
AA Team
MF Team
MKT Team
Gr33t`Z T0 : All Team MemBer'Z
+---------------------------------------------------------------------------------------------------------------------------------------------------+
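A mitigation sketch for the two findings above, added here as an example; it is not ElfChat's code and not the advisory author's. It assumes PHP 7.3 or later, and the function names, the `<title>` output location and the 100-byte length limit are hypothetical. It shows the stored value written out verbatim beside the output-encoded form, a save-time check, and session cookie flags that limit what injected script can reach.

```php
<?php
declare(strict_types=1);
// Added example, not ElfChat source. All function names are hypothetical.

// Session cookie flags: HttpOnly keeps the cookie out of reach of injected
// script; SameSite limits cross-site requests that ride the admin session.
session_set_cookie_params([
    'httponly' => true,
    'secure'   => true,
    'samesite' => 'Strict',
]);

// Vulnerable pattern the advisory describes: stored value written verbatim.
function render_title_raw(string $title): string
{
    return '<title>' . $title . '</title>';
}

// Fix: encode on output for the HTML context, quotes included so the same
// helper is safe inside attribute values (e.g. a user name in a form field).
function esc_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_title_safe(string $title): string
{
    return '<title>' . esc_html($title) . '</title>';
}

// Defence in depth at save time: refuse markup and control characters.
// The 100-byte limit is an assumed value for this example.
function is_valid_title(string $title): bool
{
    return $title !== ''
        && strlen($title) <= 100
        && preg_match('/[<>\x00-\x1F]/', $title) === 0;
}

// Constructed samples: the two payloads quoted in the advisory plus a benign title.
$samples = ['<script>alert(1);</script>', '<h1>Owned</h1>', 'Tom & Jerry chat'];

foreach ($samples as $title) {
    printf("input : %s\n", $title);
    printf("raw   : %s\n", render_title_raw($title));
    printf("safe  : %s\n", render_title_safe($title));
    printf("valid : %s\n\n", is_valid_title($title) ? 'yes' : 'no');
}
```

The same `esc_html()` call applies to every user field rendered by the "Create a new Person" form and the user list, since those values are stored and replayed to other admins in the same way.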
