
Pligg Auto-Voter Using XSS to Bypass CSRF Protection



Explanation:
Pligg suffers from a reflected cross-site scripting vulnerability in 
index.php, in the $_GET['category'] variable. Exploit code was written that 
uses this flaw to bypass the CSRF protection and then vote on any Pligg article 
of the attacker's choosing. I took inspiration from the MySpace Samy worm, 
utilizing XMLHttpRequest() to read the randomly generated token that protects 
requests from forgery. This is a more serious attack when combined with my 
Captcha Implementation Bypass (http://www.rooksecurity.com/blog/?p=17), which 
allows an attacker to create new user accounts.
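Because script injected through a reflected XSS runs in the site's own origin, it can read the anti-CSRF token just as the legitimate page does, so the token alone cannot stop the forged vote; the fix has to close the reflection itself. The following is an added example, not Pligg's code: a hypothetical stand-in for how index.php might echo $_GET['category'], shown in its vulnerable form and in a hardened form (function names and the category allowlist are assumptions).

```php
<?php
// Added example (not Pligg's own code). Stand-in for an index.php that writes
// $_GET['category'] into the page. Function names and policy are hypothetical.

// Vulnerable: the raw query-string value is concatenated straight into HTML,
// so any markup supplied in ?category= is reflected to and rendered by the browser.
function render_category_vulnerable(array $get): string {
    $category = $get['category'] ?? '';
    return "<h2>Category: " . $category . "</h2>";
}

// Hardened: first validate the value against the shape a category slug can
// legitimately have, then HTML-encode on output so the browser treats whatever
// remains as text rather than markup. Both steps are independent defences.
function render_category_hardened(array $get): string {
    $category = $get['category'] ?? '';

    // Allowlist (assumed policy): slugs are letters, digits, '-' or '_', max 64 chars.
    if (!preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $category)) {
        $category = '';   // unknown category: fall back to the default listing
    }

    // Encode every HTML-significant character, quotes included, as UTF-8.
    $safe = htmlspecialchars($category, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return "<h2>Category: " . $safe . "</h2>";
}

// Constructed sample input: harmless markup standing in for a reflected payload.
$sample = ['category' => '<b>news</b>'];

echo render_category_vulnerable($sample), PHP_EOL;  // <b>news</b> reaches the browser as markup
echo render_category_hardened($sample), PHP_EOL;    // fails the allowlist; empty category is rendered

// A value that passes the allowlist is still encoded on the way out.
echo render_category_hardened(['category' => 'tech-news']), PHP_EOL;  // <h2>Category: tech-news</h2>
```

Either step on its own would have prevented the reflection described above; applying both means a future relaxation of the allowlist (for example, to permit spaces or non-ASCII names) does not silently reopen the hole.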