Advertisement
Avatar_Fearless

Elfet - ElfChat 5.1.2 Pro XSS + HTML Inject on Admin / Site

Jul 30th, 2012
257
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 3.13 KB | None | 0 0
  1. +---------------------------------------------------------------------------------------------------------------------------------------------------+
  2. # Exploit Title : Elfet - ElfChat 5.1.2 Pro XSS + HTML Inject on Admin / Site Settings
  3.  
  4. # Date : 2012-07-31
  5.  
  6. # Vulnearbility : http://www.Site.tld/chat/admin/settings.php?33dca4953ec77be27e393b32938807e7/YWFjdD1tYWlu
  7.  
  8. # Vulnearbility2 : http://www.site.tld/chat/admin/users.php?ef2e8f2d2d3ff1bba659b81b9fc62b94/YWZpbHRyPWFsbHVzZXJzJmNydWRfYWN0PWNyZWF0ZQ--
  9.  
  10. # Author : Avatar Fearless
  11.  
  12. # Software link : http://community.elfchat.net/files/download/4-elfchat-5-demo/
  13.  
  14. # Official Site : http://elfchat.net/
  15.  
  16. # Version : 5.1.2 Pro (Updated)
  17.  
  18. # Tested on : Windows 7 Ultimate x32
  19.  
  20. # Original Advisory : http://thefear.in/elfchatvuln2.txt || http://pastebin.com/g6G1V9eC
  21.  
  22. # Contact : avatar@hiphopfan.com || avatar_legends@live.com/@mail.ru
  23.  
  24. # Web Sites : http://anti-armenia.org/ || http://millikuvvetler.net/ || http://mexfi.org/
  25.  
  26. +---------------------------------------------------------------------------------------------------------------------------------------------------+
  27.  
  28. [+] Vulnerable :
  29.  
  30. http://www.Site.tld/chat/admin/settings.php
  31.  
  32. [-] Exploit :
  33.  
  34. In "Admin" Case you can do everythink with settings.php!
  35.  
  36. [?] About :
  37.  
  38. For More Info Contact me.
  39.  
  40. [#] Description :
  41. I Got 2 Vulnerability on this CMS. Before all of this , This is updated version. Actually This vulnerability is not on signup.php
  42. This Vulnearbility Affects to : /admin/ here.
  43.  
  44. [$] Information About This Vulnerability + Exploiting.
  45. Let's Take a while. What is this URL? :
  46. http://www.Site.tld/chat/admin/settings.php?33dca4953ec77be27e393b32938807e7/YWFjdD1tYWlu
  47. This is Settings. Right! Our Vulnearbility is on /admin/setting.php in the "Title" We got problem.
  48. In Title We can use all the JavaScript Code'S
  49. (EX : "<script>alert(1);</script>")
  50. http://s14.postimage.org/n1ldbshsw/elfchatvuln2.jpg
  51. And We got a HTML Injection.
  52. (EX : "<h1>Owned</h1>")
  53. http://s14.postimage.org/es4wjmyow/elfchatvuln.jpg
  54. You See. It Takes So Easy. i mean this JS + HTML inject isn't encrypt it is only themself. This mean it is so easy to build a XSRF
  55. & Take Cookie'Z. And This will be easy cause we don't have any pm and that's way you will send the link. And Admin or other users will click
  56. on this link and i will got the cookie :D . So Geniues ;)
  57. And Let's Talk About The other Vulnearbility. About The "Create another Person". Yeah This Vulnerability Affects to :
  58. http://www.site.tld/chat/admin/users.php?ef2e8f2d2d3ff1bba659b81b9fc62b94/YWZpbHRyPWFsbHVzZXJzJmNydWRfYWN0PWNyZWF0ZQ--
  59. In Here Admin Cat Put All The JS Source Codes. So We got another XSS in
  60. http://www.site.tld/chat/admin/users.php?ef2e8f2d2d3ff1bba659b81b9fc62b94/YWZpbHRyPWFsbHVzZXJzJmNydWRfYWN0PWNyZWF0ZQ--
  61. Create a new Person =)
  62.  
  63. [@]
  64.  
  65. Respect To :
  66.  
  67. All My Bro*S
  68.  
  69. AA Team
  70.  
  71. MF Team
  72.  
  73. MKT Team
  74.  
  75. Gr33t`Z T0 : All Team MemBer'Z
  76.  
  77. +---------------------------------------------------------------------------------------------------------------------------------------------------+
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement