###################################################################################
[+] CMS Elgg <1.00 (XSS; CSRF; Change Password) Multiple Remote Vulnerabilities
[+] Discovered By ThE Lorddemon lorddemon@zonartm.org
[+] Vendor: http://elgg.org/
[+] Greetings: Project MEMI-Bolivia, OpTix, RTM security Group http://zonartm.og
###################################################################################

Change Password Remotely:
+++++++++++++++++++++++++
1) You must register on the site.
2) Log in.
3) Create a new topic and then edit it: http://www.sitiosocial.com/_templates/

The editor for the new topic (Template) has the option to insert HTML and JavaScript.

##################################################################################
Exploit & HTML Injection
### Cookie Grabber ####
[+] Discovered By ThE Lorddemon
[+] Vendor: http://elgg.org/
##################################################################################

PoC -- Script to store cookies by uploading them to a host. Save as cookie.php

[+] Exploit:
-------
1) Register on the site.
2) Add to the Template

The victim would be anyone who comes to your blog.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

### Change Password ####
[+] Discovered By ThE Lorddemon lorddemon@zonartm.org
[+] http://zonartm.org
[+] Vendor: http://elgg.org/
##################################################################################
1) Register on the site.
2) Add to the Template

It is better to put the whole form inside a Div tag so that it passes unnoticed.
The victim would be the user with the id.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

### You Be More Popular, or remove the victim from Friends ####
[+] Discovered By ThE Lorddemon lorddemon@zonartm.org
[+] http://zonartm.org
[+] Vendor: http://elgg.org/
##################################################################################
1) Register on the site.
2) Add to the Template

http://www.sitioSocial.com/mod/friend/index.php?friends_name=[empty]&action=friend&friend_id=[your id]

The parameters, from the viewpoint of the attacker:
friends_name = the name of the user who is made to be your friend (may be empty).
action = friend or unfriend.
friend_id = the ID of the user who is performing the action.

The same request can also be used to remove any user from friends:

http://www.sitioSocial.com/mod/friend/index.php?friends_name=[empty]&action=Unfriend&friend_id=[victim_id]

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

# milw0rm.com [2009-06-22]
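
A detection sketch for the friend/unfriend requests described above, added here as an example and not part of the original advisory: it clusters GET requests to /mod/friend/index.php by referring page, action and friend_id, and reports clusters issued by several distinct clients, which is the pattern a request embedded in one template produces. The log lines, the host social.example, the IPs, the ids and the min_clients threshold are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample in combined log format; host, IPs and ids are made up.
SAMPLE_LOG = '''\
198.51.100.7 - - [22/Jun/2009:10:00:01 +0000] "GET /mod/friend/index.php?friends_name=&action=friend&friend_id=42 HTTP/1.1" 302 0 "http://social.example/mallory/weblog/" "UA"
198.51.100.8 - - [22/Jun/2009:10:00:09 +0000] "GET /mod/friend/index.php?friends_name=&action=friend&friend_id=42 HTTP/1.1" 302 0 "http://social.example/mallory/weblog/" "UA"
198.51.100.8 - - [22/Jun/2009:10:00:10 +0000] "GET /mod/friend/index.php?friends_name=&action=friend&friend_id=42 HTTP/1.1" 302 0 "http://social.example/mallory/weblog/" "UA"
198.51.100.9 - - [22/Jun/2009:10:01:30 +0000] "GET /mod/friend/index.php?friends_name=&action=friend&friend_id=42 HTTP/1.1" 302 0 "http://social.example/mallory/weblog/" "UA"
203.0.113.5 - - [22/Jun/2009:10:02:00 +0000] "GET /mod/friend/index.php?friends_name=bob&action=Unfriend&friend_id=7 HTTP/1.1" 302 0 "http://social.example/bob/" "UA"
203.0.113.6 - - [22/Jun/2009:10:03:00 +0000] "GET /bob/weblog/ HTTP/1.1" 200 5120 "-" "UA"
'''

# client IP, method, request target, Referer
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" \d{3} \S+ "([^"]*)"')

def suspicious_friend_actions(log_text, min_clients=3):
    """Map (referer, action, friend_id) -> sorted client IPs for friend/unfriend
    GETs that at least min_clients distinct clients sent from the same page."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        client, method, target, referer = m.groups()
        url = urlsplit(target)
        if method != "GET" or url.path != "/mod/friend/index.php":
            continue
        query = parse_qs(url.query, keep_blank_values=True)
        # The advisory shows both "friend" and "Unfriend", so compare case-insensitively.
        action = query.get("action", [""])[0].lower()
        friend_id = query.get("friend_id", [""])[0]
        if action not in ("friend", "unfriend") or not friend_id:
            continue
        hits[(referer, action, friend_id)].add(client)
    return {key: sorted(ips) for key, ips in hits.items() if len(ips) >= min_clients}

if __name__ == "__main__":
    for (referer, action, friend_id), clients in suspicious_friend_actions(SAMPLE_LOG).items():
        print(f"{action} friend_id={friend_id} from {referer}: {len(clients)} clients")
```

A cluster is a lead rather than proof, since a popular profile page can legitimately produce one; review the referring page's template for embedded requests before acting on it.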