Home page logo
/

bugtraq logo Bugtraq mailing list archives

Pligg Auto-Voter Using XSS to Bypass CSRF Protection
From: michaelbrooks () rooksecurity com
Date: Fri, 1 Aug 2008 18:04:40 -0600

Explanation:
Pligg Suffers from a Reflective Cross Site Scripting vulnerability in index.php. For the $_GET['category'] variable.   
Exploit code was written that uses this flaw to bypass the CSRF protection to then vote on any pligg article of the 
attackers choosing. I took inspiration from the Myspace Sammy worm utilizing XMLHttpRequest()  to read the randomly 
generated token protection requests from forgery.   This is a more serious attack when combined with my Captcha 
Implementation Bypass (http://www.rooksecurity.com/blog/?p=17)  which allows an attacker to create new user accounts. 


  By Date           By Thread  

Current thread:
  • Pligg Auto-Voter Using XSS to Bypass CSRF Protection michaelbrooks (Aug 02)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault