Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Pligg Auto-Voter Using XSS to Bypass CSRF Protection
From: michaelbrooks () rooksecurity com
Date: Fri, 1 Aug 2008 18:04:40 -0600
Explanation:
Pligg Suffers from a Reflective Cross Site Scripting vulnerability in index.php. For the $_GET['category'] variable.   
Exploit code was written that uses this flaw to bypass the CSRF protection to then vote on any pligg article of the 
attackers choosing. I took inspiration from the Myspace Sammy worm utilizing XMLHttpRequest()  to read the randomly 
generated token protection requests from forgery.   This is a more serious attack when combined with my Captcha 
Implementation Bypass (http://www.rooksecurity.com/blog/?p=17)  which allows an attacker to create new user accounts.

  By Date           By Thread  

Current thread:
  • Pligg Auto-Voter Using XSS to Bypass CSRF Protection michaelbrooks (Aug 02)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]