Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- +---------------------------------------------------------------------------------------------------------------------------------------------------+
- # Exploit Title : Elfet - ElfChat 5.1.2 Pro XSS + HTML Inject on Admin / Site Settings
- # Date : 2012-07-31
- # Vulnearbility : http://www.Site.tld/chat/admin/settings.php?33dca4953ec77be27e393b32938807e7/YWFjdD1tYWlu
- # Vulnearbility2 : http://www.site.tld/chat/admin/users.php?ef2e8f2d2d3ff1bba659b81b9fc62b94/YWZpbHRyPWFsbHVzZXJzJmNydWRfYWN0PWNyZWF0ZQ--
- # Author : Avatar Fearless
- # Software link : http://community.elfchat.net/files/download/4-elfchat-5-demo/
- # Official Site : http://elfchat.net/
- # Version : 5.1.2 Pro (Updated)
- # Tested on : Windows 7 Ultimate x32
- # Original Advisory : http://thefear.in/elfchatvuln2.txt || http://pastebin.com/g6G1V9eC
- # Contact : avatar@hiphopfan.com || avatar_legends@live.com/@mail.ru
- # Web Sites : http://anti-armenia.org/ || http://millikuvvetler.net/ || http://mexfi.org/
- +---------------------------------------------------------------------------------------------------------------------------------------------------+
- [+] Vulnerable :
- http://www.Site.tld/chat/admin/settings.php
- [-] Exploit :
- In "Admin" Case you can do everythink with settings.php!
- [?] About :
- For More Info Contact me.
- [#] Description :
- I Got 2 Vulnerability on this CMS. Before all of this , This is updated version. Actually This vulnerability is not on signup.php
- This Vulnearbility Affects to : /admin/ here.
- [$] Information About This Vulnerability + Exploiting.
- Let's Take a while. What is this URL? :
- http://www.Site.tld/chat/admin/settings.php?33dca4953ec77be27e393b32938807e7/YWFjdD1tYWlu
- This is Settings. Right! Our Vulnearbility is on /admin/setting.php in the "Title" We got problem.
- In Title We can use all the JavaScript Code'S
- (EX : "<script>alert(1);</script>")
- http://s14.postimage.org/n1ldbshsw/elfchatvuln2.jpg
- And We got a HTML Injection.
- (EX : "<h1>Owned</h1>")
- http://s14.postimage.org/es4wjmyow/elfchatvuln.jpg
- You See. It Takes So Easy. i mean this JS + HTML inject isn't encrypt it is only themself. This mean it is so easy to build a XSRF
- & Take Cookie'Z. And This will be easy cause we don't have any pm and that's way you will send the link. And Admin or other users will click
- on this link and i will got the cookie :D . So Geniues ;)
- And Let's Talk About The other Vulnearbility. About The "Create another Person". Yeah This Vulnerability Affects to :
- http://www.site.tld/chat/admin/users.php?ef2e8f2d2d3ff1bba659b81b9fc62b94/YWZpbHRyPWFsbHVzZXJzJmNydWRfYWN0PWNyZWF0ZQ--
- In Here Admin Cat Put All The JS Source Codes. So We got another XSS in
- http://www.site.tld/chat/admin/users.php?ef2e8f2d2d3ff1bba659b81b9fc62b94/YWZpbHRyPWFsbHVzZXJzJmNydWRfYWN0PWNyZWF0ZQ--
- Create a new Person =)
- [@]
- Respect To :
- All My Bro*S
- AA Team
- MF Team
- MKT Team
- Gr33t`Z T0 : All Team MemBer'Z
- +---------------------------------------------------------------------------------------------------------------------------------------------------+
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement