Video: Bypassing phpNuke 8.x Referer Check Anti-CSRF Defense

By YGN Ethical Hacker Group -
[View Online | Download]

Description: This demo proves that simply validating hostname in HTTP Referer, a widely deployed quick anti-csrf defense, can easily be bypassed.

Popular posts from this blog

Elgg 1.7.10 <= | Multiple Vulnerabilities

By YGN Ethical Hacker Group -
1. OVERVIEW The Elgg 1.7.10 and lower versions are vulnerable to Cross Site Scripting and SQL Injection. 2. BACKGROUND Elgg is an award-winning social networking engine, delivering the building blocks that enable businesses, schools, universities and associations to create their own fully-featured social networks and applications. Well-known Organizations with networks powered by Elgg include: Australian Government, British Government, Federal Canadian Government, MITRE, The World Bank, UNESCO, NASA, Stanford University, Johns Hopkins University and more (http://elgg.org/powering.php) 3. VULNERABILITY DESCRIPTION The "internalname" parameter is not properly sanitized, which allows attacker to conduct Cross Site Scripting attack. This may allow an attacker to create a specially crafted URL that would execute arbitrary script code in a victim's browser. The "tag_names" is not properly sanitized, which allows attacker to conduct SQL Injection at…
Read more

Jcow CMS 4.x:4.2 <= , 5.x:5.2 <= | Arbitrary Code Execution

By YGN Ethical Hacker Group -
1. OVERVIEW Jcow CMS versions (4.x: 4.2 and lower, 5.x: 5.2 and lower) are vulnerable to Arbitrary Code Execution. 2. BACKGROUND Jcow is a flexible Social Networking software written in PHP. It can help you to build a social network for your interests and passions, a member community for your existing website and a social networking site like facebook/myspace/twitter. 3. VULNERABILITY DESCRIPTION The parameter "attachment" is not properly sanitized upon submission to /index.php, which allows attacker to execute arbitrary PHP code of his own. 4. VERSIONS AFFECTED Free version: 4.x: 4.2 and lower Commercial version: 5.x: 5.2 and lower) 5. PROOF-OF-CONCEPT/EXPLOIT http://dev.metasploit.com/redmine/attachments/1660/jcow_eval.rb jcow 4.2.1: file: /includes/libs/ss.inc.php line: 167 $app = $_POST['attachment']; if (strlen($app) && $app != 'status') { include_once('modules/'.$app.&…
Read more

Elgg 1.7.9 <= | Multiple Cross Site Scripting Vulnerabilities

By YGN Ethical Hacker Group -
1. OVERVIEW The Elgg 1.7.9 and lower versions are vulnerable to multiple Cross Site Scripting. 2. BACKGROUND Elgg is an award-winning social networking engine, delivering the building blocks that enable businesses, schools, universities and associations to create their own fully-featured social networks and applications. Well-known Organizations with networks powered by Elgg include: Australian Government, British Government, Federal Canadian Government, MITRE, The World Bank, UNESCO, NASA, Stanford University, Johns Hopkins University and more (http://elgg.org/powering.php) 3. VULNERABILITY DESCRIPTION Several parameters (page_owner, content,internalname, QUERY_STRING) are not properly sanitized, which allows attacker to conduct Cross Site Scripting attack. This may allow an attacker to create a specially crafted URL that would execute arbitrary script code in a victim's browser. 4. VERSIONS AFFECTED Elgg 1.7.9 <= 5. PROOF-OF-CONCEPT/EXPLOIT…
Read more