[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Pligg Auto-Voter Using XSS to Bypass CSRF Protection

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Pligg Auto-Voter Using XSS to Bypass CSRF Protection
From: michaelbrooks@xxxxxxxxxxxxxxxx
Date: Fri, 1 Aug 2008 18:04:40 -0600

Explanation:
Pligg Suffers from a Reflective Cross Site Scripting vulnerability in 
index.php. For the $_GET['category'] variable.   Exploit code was written that 
uses this flaw to bypass the CSRF protection to then vote on any pligg article 
of the attackers choosing. I took inspiration from the Myspace Sammy worm 
utilizing XMLHttpRequest()  to read the randomly generated token protection 
requests from forgery.   This is a more serious attack when combined with my 
Captcha Implementation Bypass (http://www.rooksecurity.com/blog/?p=17)  which 
allows an attacker to create new user accounts.

Prev by Date: iDefense Security Advisory 08.01.08: Ingres Database for Linux ingvalidpw Untrusted Library Path Vulnerability
Next by Date: Homes 4 Sale Remote XSS Vulnerabilitiy
Previous by thread: iDefense Security Advisory 08.01.08: Ingres Database for Linux ingvalidpw Untrusted Library Path Vulnerability
Next by thread: Homes 4 Sale Remote XSS Vulnerabilitiy
Index(es):
- Date
- Thread